Following on from our detailed guide to securing
your webmail, here's a quick breakdown of how to make the
most important fixes for users of Microsoft's Outlook.com (formerly known
as Hotmail and, for a while, Windows Live Hotmail).
Controls affecting Outlook.com security are mainly found in one
central place, which can be accessed by clicking your username (this will
probably be your name), shown in the top right of any live.com page when you're
logged in, and selecting "Account settings".
1. Protect your password
Your first step should be to make sure your
password is well chosen and not shared.
If you need to set a new one, visit the
"Security & privacy" section of the Account settings page.
You'll then have to verify your account with a
security code, which you can do by email or text.
At the top you'll see when your password was
last changed, with an option to change it below.
Just below that, in the section labelled
"Security info helps
to keep your account secure", you'll find any backup email addresses
or phone numbers you've given to Microsoft to help verify your identity if you
get locked out of your account.
Make sure these are a good way of getting in
touch with you, and are not easily accessible by people you don't trust.
These contact points will also be used to send
alerts if Microsoft spots any suspicious activity - you can choose whether or
not to receive alerts by phone and whether to have them sent to multiple email
addresses, but the primary alternate email must always get alerts.
2. Set up two-step verification
On the same screen you can also set up two-step
verification.
Scroll down to the next section of the
"Security & privacy" page.
When you follow the link to set it up, Microsoft
recommends using a smartphone app, which will vary depending on what kind of
device you use.
Windows Phone users can get Microsoft's own
authenticator app, Android users can use the Microsoft Account app, and those
with iOS devices will need Google's multi-purpose Authenticator.
Each has its own process for setting up, but
most will simply require you to scan a QR code displayed on-screen. Once set
up, you should be able to use the code generated by the app any time you want
to log in to your account.
If you choose not to use an app, or don't have a
smartphone, you can have codes sent by SMS to the number you provide, or by
email to one of your alternative accounts, but Microsoft will continue
encouraging you to opt for the app approach, at least until you tell it to
stop.
When you log in with a 2SV code, there will be
an option to trust the device you're using and not ask for any more codes, so
in future you'll only need your normal password.
Only check the box if you're on a machine you
use regularly and know to be kept well-secured.
As part of setting up 2SV, you'll be given an
emergency backup code. This is used if you ever lose access to the apps, phone
numbers and email addresses provided for 2SV codes.
Outlook.com recommends you print it and keep it
somewhere very safe, but if you find it easier to keep it in a file on your
(well secured) computer, make sure it's very well encrypted.
In the "Recovery codes" section you
can choose to renew the emergency backup code if you no longer have it.
3. Check your settings
You should consider checking the "Security
& privacy" page occasionally, to make sure the backup and 2SV contact
details are up to date - check that any old devices you no longer have are
removed from the "Security info" or "App passwords"
sections.
There's no way to monitor which devices have
been marked as trusted for 2SV purposes, but at the bottom of the
"Security & privacy" page you can at least remove trust from all
machines, cutting off anyone who may have obtained unauthorised access.
There's a whole section of the "Security
& privacy" area dedicated to "Recent activity".
This is the place to go if you suspect someone's
been intruding on your account. You can view a detailed list of logins,
attempts, 2SV challenges and significant settings changes, and for each one
there is further information on the device type and browser or app used, the IP
address and location.
There's even a little Bing map pinpointing where
the IP address appears to come from, but this may not be very accurate,
particularly for things like POP access from a mobile mail
client.
In case you're worried about any particular
event, the details area for each one provides a large button marked "This
wasn't me". Clicking this will lead to a review of your security settings,
including resetting your password to make sure strangers are kept out.
Finally, the "Related accounts"
section, under "Security & privacy", lets you view and manage any
accounts you have linked to your Outlook.com account, and also any other apps
and services which may have been granted access.
You should make sure any entries in here are
expected and necessary.
Once you're done with making your Outlook.com
account safer, make sure you are following our general advice in our guide to
securing your webmail.