Guard your Microsoft account from attackers

Published October 24, 2023

Let’s guard your Microsoft account from attackers.

To ensure the utmost protection for your Microsoft account, it is crucial to take necessary measures against potential attackers.


Your most valuable online account, the one that truly deserves utmost protection, is your personal Microsoft account. It is crucial to safeguard this account, especially if you rely on it to sign in to Windows PCs, create and store documents using Microsoft 365’s Office apps, and utilize Microsoft’s OneDrive cloud storage service.

How much guarding do you need for Microsoft account?

1. Baseline

The baseline level of security (steps 1-3) is more than sufficient for most casual users of Microsoft services, particularly those who do not rely on their Microsoft email address to sign in to many other websites. If you are helping a friend or family member who lacks technical expertise and feels overwhelmed by passwords, these steps are the ones to start with.

 

To begin, it is crucial to create a robust password for your Microsoft account, one that is unique and not utilized for any other accounts. Following this, you will activate two-step verification (referred to as multi-factor authentication by Microsoft) to safeguard yourself against phishing attempts and other forms of password theft. Enabling this feature necessitates providing additional proof of your identity when signing in on a new device or engaging in high-risk activities, such as changing your password or adding a credit card to your account. Typically, this additional verification involves receiving a code via SMS text message on a trusted device.

2. Better

Those baseline precautions are adequate, but you can tighten security significantly with the actions outlined in steps 4 and 5.

First, install the Microsoft Authenticator app on your smartphone (it’s available for iPhone and Android devices) and set it up for use as a sign-in and verification option. Then add a secure email address as a backup factor to verify your identity.

3. Maximum

For maximum security, add a physical hardware key alongside the Microsoft Authenticator app (steps 6 and 7). With those two in place you can remove SMS text messages as a backup verification factor entirely. You can still use your mobile phone to authenticate, but an attacker can no longer get into your account by intercepting messages or hijacking your mobile phone account.

That configuration places significant roadblocks in the way of even the most determined attacker. It requires an extra investment in hardware and it definitely adds some friction to the sign-in process, but it’s by far the most effective way to secure your Microsoft account.


How to guard your Microsoft account from attackers?

Step 1. Create a new, strong password


When it comes to your Microsoft account, one thing is clear: a strong and unique password is essential. Microsoft sets a minimum password length of eight characters, but security experts strongly advise going beyond that and recommend 12-16 characters. To make the password robust, use a random combination of uppercase and lowercase letters, numbers, and special characters. Another effective option is a passphrase made of four or more randomly selected words, separated by a special character such as a hyphen.

The best way to ensure that you’ve nailed this requirement is to use your password manager’s tools to generate a brand-new, random password or passphrase. (No password manager? Try an online option like the 1Password Strong Password Generator or the Bitwarden Password Generator.)
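The two password styles described above can be generated with a cryptographically secure random source rather than by hand. The following Python script is an added example and is not from the original article or from any password manager; the word list it uses is a small constructed sample for demonstration only (a real generator should draw from a large published list), and the `RECOMMENDED_MIN` constant reflects the 12-character lower bound recommended above:

```python
import math
import secrets
import string

MICROSOFT_MIN = 8        # minimum length Microsoft enforces (per the article)
RECOMMENDED_MIN = 12     # lower end of the 12-16 characters experts recommend

# Constructed sample word list for the passphrase demo. A real generator
# should use a large published list (thousands of words), not 16 entries.
SAMPLE_WORDS = [
    "anchor", "basket", "copper", "donkey", "ember", "falcon", "garnet", "harbor",
    "igloo", "juniper", "kettle", "lantern", "meadow", "nickel", "orchid", "pepper",
]


def meets_guidelines(candidate: str, sep: str = "-") -> bool:
    """Return True if the candidate satisfies the article's guidance:
    at least 12 characters, and either all four character classes are
    present (random password) or it is four or more non-empty words
    separated by `sep` (passphrase)."""
    if len(candidate) < RECOMMENDED_MIN:
        return False
    classes = (
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    )
    words = candidate.split(sep)
    is_passphrase = len(words) >= 4 and all(w for w in words)
    return all(classes) or is_passphrase


def generate_password(length: int = 16) -> str:
    """Random password drawn uniformly from letters, digits and punctuation.
    Re-draws until every character class is present so the result always
    passes meets_guidelines()."""
    if length < RECOMMENDED_MIN:
        raise ValueError(f"length must be at least {RECOMMENDED_MIN}")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_guidelines(candidate):
            return candidate


def generate_passphrase(words: int = 4, sep: str = "-", wordlist=SAMPLE_WORDS) -> str:
    """Passphrase of `words` randomly selected words joined by `sep`."""
    if words < 4:
        raise ValueError("use four or more words")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(words: int, wordlist_size: int) -> float:
    """Entropy of a passphrase: each word contributes log2(list size) bits.
    This is why the list size matters far more than the separator."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    pw = generate_password(16)
    pp = generate_passphrase(4)
    print("random password :", pw, meets_guidelines(pw))
    print("passphrase      :", pp, meets_guidelines(pp))
    print("4 words from a 7776-word list ~ %.1f bits" % entropy_bits(4, 7776))
    print("4 words from the sample list ~ %.1f bits" % entropy_bits(4, len(SAMPLE_WORDS)))
```

The `entropy_bits` figure makes the caveat in the lead-in concrete: four words from a 7776-word list give roughly 52 bits, while four words from the 16-word sample list give only 16 bits, so the sample list is for illustration and not for real passphrases.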

 

Generating a new password ensures that your account credentials are not shared with any other account; it also guarantees that an older password that you might have inadvertently reused isn’t part of a password breach.

To change your password, go to the Microsoft Account Security Basics page at https://account.microsoft.com/security/. Sign in, if necessary, then click Change Password. (But don’t check the box that requires you to change your password every 72 days. That will surely annoy you, and it won’t make your account appreciably more secure.)

 

Follow the instructions to save the new password using your password manager. Feel free to write it down, if you prefer a physical backup. Just make sure to store the paper in a secure location, such as a locked file drawer or a safe.

Step 2. Turn on two-step verification

Before you leave the Microsoft Account Security page, make sure two-step verification is turned on. Scroll to the Two-Step Verification section, located under the Additional Security heading, and confirm that the option is enabled. The setup process is quick, and once it is done you will receive verification prompts when they are needed. If you use a modern smartphone with an up-to-date version of iOS or Android, you do not need to create an app password for your mail client.

Step 3. Create a recovery code and keep it in a safe place

The next step is to save a recovery code. If you’re ever unable to sign in to your account because you’ve forgotten the password, having access to this code will save you from being permanently locked out.

 

Setting up two-step verification, as you did in the previous step, automatically prompts you to create a recovery code. If you didn’t keep a copy of that code, you’ll need to create a new one. On the Microsoft Account Security Basics page, find the Advanced Security Options section and click Get Started. That takes you to the not-so-basic Microsoft Account Security page.

Scroll to the bottom of the page and look for the Recovery Code section. Click Generate A New Code to display a dialog box containing the code.

 

Print out that recovery code and file it away in the same locked file cabinet or safe where you put your password. (Microsoft allows you to generate only one code at a time for a Microsoft account. Generating a new code renders the old code invalid.)

 

And now for some more advanced security options.

Step 4. Set up the Microsoft Authenticator app

Smartphone apps that generate Time-based One-Time Password (TOTP) codes have become a popular form of multi-factor authentication. I strongly recommend using one for any service that supports it.

Even if you use another authenticator app for most services, I recommend using Microsoft Authenticator with your Microsoft account. In this configuration, any sign-in attempt that requires verification sends a push notification to your smartphone. Approve the request, and you’re done.

An added bonus is that the Microsoft Authenticator app can be used for passwordless sign-in as well as verification.

Step 5. Add a secure email address as a form of verification

Microsoft strongly advises having multiple forms of verification in addition to your password. Once two-step verification is enabled, resetting your password requires you to prove your identity with two of those forms; if you cannot provide them, you may be permanently locked out of your account.

 

While a free email address like Gmail can suffice for basic security requirements, opting for a business email address protected by a skilled IT team is highly recommended. If needed, you can request a verification code to be sent to your designated email address.

Step 6. Remove SMS text messages as a form of verification

It’s time to remove the weakest link in the chain: SMS text messages.

What makes SMS text messages so problematic from a security point of view is that an attacker can hijack your mobile account and receive the verification codes meant for you.

Before you remove SMS from your account settings, make sure you have at least two alternative forms of verification in place, such as a secure email address and the Microsoft Authenticator app. It is also a good idea to save a recovery code for your account, just in case.

Step 7. Use a hardware security key for authentication

This is the most advanced step. It requires an additional hardware investment, but plugging a key into a USB port, or connecting one over Bluetooth or NFC, gives you a level of security that none of the other factors can match.

To configure a hardware key, go to the advanced Microsoft Account Security page and click Add A New Way To Sign In Or Verify. Choose the Use A Security Key option and then follow the prompts. You’ll need to enter the PIN for your hardware key, then touch to activate it. When that setup is complete, you’ve got a powerful way to sign in to any service powered by your Microsoft account without having to fuss with passwords.
