By akademiotoelektronik, 12/02/2023

How to lock your Microsoft account and protect it from external attacks

What is your most precious online account, the one that most deserves to be protected? If you use a Microsoft account to sign in to a Windows PC, it is this account, and the email address associated with it, that you need to protect the most.

This is especially true if you use OneDrive storage with this Microsoft account and it holds all the documents you create and edit with the Microsoft 365 Office applications.

In this article, you will find seven measures to protect your account from online attacks. As always, you will have to find a balance between convenience and security. To help with that, the article describes three possible security levels, depending on how strictly you want to lock down your Microsoft account.

This article concerns the consumer Microsoft accounts used with the Microsoft 365 Family and Personal editions. The security settings for Microsoft 365 Business and Enterprise accounts, which use the OneDrive for Business cloud service, are managed by domain administrators through Azure Active Directory, using a completely different set of tools.


Level 1: Basic security

Most PC users can be satisfied with this basic level of security. This is especially true if you do not use your Microsoft email address as the main identifier for signing in to other sites. If a relative with little technical knowledge, or who is intimidated by passwords, asks you for help, offer them this option.

At a minimum, you must create a strong password for your Microsoft account, one that is not used for any other account.

In addition, you should turn on two-step verification (Microsoft's term for multifactor authentication) to protect yourself from phishing and other forms of password theft. When this feature is enabled, you must provide additional proof of your identity when you sign in for the first time on a new device or when you perform a high-risk activity, such as paying for an online purchase. The additional verification usually consists of a code sent by SMS to a trusted device or by email to another registered account.

Level 2: Intermediate security

Even if these basic precautions are generally sufficient, you can considerably strengthen the security of your account by taking a few additional measures.

First, install the Microsoft Authenticator application on your Android device or iPhone, and configure it as a sign-in and verification option. Then remove the option to use SMS to verify your identity.

With this configuration, you can still use your mobile phone as an authentication factor, but a potential attacker will not be able to intercept text messages or hijack your phone number.

Level 3: Maximum security

For maximum security, add at least one physical hardware key in addition to the Microsoft Authenticator application and, optionally, remove email addresses as a recovery factor. This configuration places significant barriers in the path of even the most determined attacker.


It requires an additional investment in hardware and certainly adds some friction to the sign-in process, but it is by far the most effective way to secure your Microsoft account.

Step 1: Create a new strong password

First of all, you need a strong and unique password for your Microsoft account. The best way to make sure you meet this condition is to use your password manager's tools to create a brand-new password. If you do not have a password manager, you can try an online option, such as 1Password or LastPass.

Creating a new password guarantees that your account's credentials are not shared with any other account; it also guarantees that an old password you may have inadvertently reused is not part of a known password breach.

To change your password, go to the Microsoft account security basics page at https://account.microsoft.com/security/. Sign in, if necessary, then click "Change password".

Generate a brand-new password to make sure you do not accidentally reuse an old one.

Follow the instructions to save the new password in your password manager. Feel free to write it down if you prefer a physical backup; just keep the paper in a safe place, such as a locked drawer or a safe.

Step 2: Print a recovery code

Print a recovery code and keep it in a safe place; you will need it if you lose access to your account.

The next step is to save a recovery code. If you cannot sign in to your account because you have forgotten the password, having access to this code will prevent you from being permanently locked out.

On the Microsoft account security page, find the "Advanced security options" section and click "Get started". You then reach the Microsoft account security page itself, which is not so easy to find. To go there directly, bookmark this address: https://account.live.com/proofs/Manage/Additional.

Scroll down to the bottom of the page and look for the "Recovery code" section. Click "Generate a new code" to display a dialog box like the one shown above.

Print this recovery code and store it in the same locked drawer or safe as the one where you keep your written-down password.

Good to know: Microsoft allows only one recovery code at a time per Microsoft account. Generating a new code invalidates the old one.

Step 3: Turn on two-step verification

Do not leave the account security page just yet. Instead, scroll down to the "Two-step verification" section (under the "Additional security" heading) and make sure that this option is turned on.

The setup process is a fairly simple wizard that confirms that you are able to receive verification messages. If you use a modern smartphone with an up-to-date version of iOS or Android, you can ignore the prompts to create an app password for the mail client on these phones.

Step 4: Add a secure email address as a means of verification

Use this dialog box to add secure verification options to your account.

Microsoft recommends having at least two forms of verification in addition to your password. If you have to reset your password while two-step verification is turned on, you will have to provide these two forms of identification, or else be permanently locked out.

A free email address, such as a Gmail account, is acceptable if your security needs are minimal, but a work email address is a much better choice. When needed, Microsoft can send a verification code to this address.

Go to the Microsoft account Advanced security page and click "Add a new way to sign in or verify".

Choose the "Email a code" option, enter your email address, then enter the code you receive to confirm this verification option.

Step 5: Configure the Microsoft Authenticator application

Smartphone applications that generate TOTP (Time-based One-Time Password) codes are an increasingly popular form of multifactor authentication, and I strongly recommend using them for any service that supports them.

Even if you use another authenticator app for most services, I recommend using Microsoft Authenticator for your Microsoft account. In this configuration, any sign-in attempt that requires verification sends a push notification to your smartphone. Approve the request, and you are done.

An additional advantage is that the Microsoft Authenticator application can be used for passwordless sign-in as well as for verification.

To set up Microsoft Authenticator with a Microsoft account, go to the Microsoft account Advanced security page and click "Add a new way to sign in or verify". Choose the "Use an app" option, then, after installing the Microsoft Authenticator application, sign in with your account credentials.

Step 6: Remove verification by SMS

At this point, you should have more than enough secure means to authenticate yourself and verify your identity. This means it is time to remove the weakest link in the chain: SMS.

What makes SMS so problematic, from a security point of view, is that an attacker can hijack your mobile account. It happened to my ZDNet colleague Matthew Miller a few years ago, and I do not wish that nightmare on anyone.

Before changing this setting, confirm that you have at least two other forms of verification (ideally, a secure email address and the Microsoft Authenticator application) and that you have saved a recovery code for the account. Then, from the Microsoft account Advanced security page, expand the "Text a code" section.

After adding safer verification options, remove the weak link of SMS.

Click "Remove" to eliminate this option.

Step 7: Use a hardware security key for authentication

With a hardware key, you can sign in to your Microsoft account with a simple PIN.

This step is the most advanced of all. It requires an investment in additional hardware, but the requirement to insert a device into a USB port or to connect via Bluetooth or NFC provides the highest level of security.

To set up a hardware key, go to the Microsoft account Advanced security page and click "Add a new way to sign in or verify". Choose the "Use a security key" option, then follow the instructions.

You will need to enter your hardware key's PIN, then touch the key to activate it. Once setup is complete, you have an effective way to sign in to any service managed by your Microsoft account without having to worry about passwords.

As mentioned at the start of this article, most users do not need this level of advanced protection. But if your OneDrive account contains valuable documents such as tax returns and bank statements, you may want to lock it down as tightly as possible.

Source: ZDNET.com
