The most exciting from a security viewpoint is the addition of an optional two-step authentication added to Microsoft Account.
Two-Step Authentication added to Microsoft AccountBy far, this is the most welcome change being made. Among the most popular articles here at Security Garden relate to Hotmail security, particularly the two-year old article relating to a hacked Hotmail account.
With two-step verification, often referred to as two-factor authentication, 2FA or TFA, two pieces of information are need to access your Microsoft Account. Both your password plus a code sent to a phone or email address on file as security information are needed. Thus, if your device is lost or stolen or your Microsoft Account password compromised, access to your important information is not possible without that second piece of information.
The two-step verification will work on any device where you use your Microsoft account, including Windows 8, any Web browser, as well as Microsoft apps and services on iOS and Android devices.
In addition, a Microsoft Authenticator app has been released for Windows Phone. The Microsoft Authenticator app can be found at windowsphone.com/en-us/store/app/authenticator/e7994dbc-2336-4950-91ba-ca22d653759b.
Important: It is on your shoulders to keep the security information in your Microsoft Account updated. It is necessary to update your Microsoft Account before you cancel the alternate email address or phone.
If you lose access to your secondary security proof, customer support cannot update it for you and it will be necessary to go through a recovery process that enforces a 30-day wait before you are able to regain access to your account. This is done to ensure someone malicious has not used this as a way to take over your account.
In addition, if you lose access to your password AND all your security information, you will not be able to regain access to your account.
Because the servers are grouped into hundreds of clusters, and only one cluster is upgraded at a time, when the server your account is on has been updated, you will find the option to add two-step verification at https://account.live.com/proofs/Manage.
- Examples with screen copies are available in Paul Thurrott's article, Enable and Use Two-Step Authentication with Your Microsoft Account.
- By Major Nelson for XBox: Using Microsoft Two-Factor Authentication with your Xbox LIVE account
- By Microsoft MVP, Richard Hay, App Issues with Two Factor Authentication for Microsoft Accounts
- Microsoft added this Two-step Verification: FAQ.
- Some of the known applications that require a unique app password to sign in include: Xbox 360, Outlook (when using a Microsoft account) and OneNote.
- How to turn ON/OFF the Microsoft Two-Step Verification? by Microsoft MVP Kunal Chowdhury.
Sign in with any alias on your accountA welcome addition with the update to Outlook.com is the ability to sign in with any alias that you have connected to your account. The process of adding and managing aliases has been simplified, including better advice on when it is better suited to add an alias or rename your primary alias.
Set up or manage aliases at https://account.live.com/names/Manage.
32 new @Outlook email address domainsThe last bit of news is the addition of 32 new @Outlook email address domains. This will provide the ability to have an @Outlook address unique to your country.
Detailed information about this addition is available in the below-referenced articles.
~ ~ ~ ~ ~ ~
I am an Outlook.com Insider. If you have a question about this post or Outlook.com, please leave a comment and I'll do my best to assist. Learn more about the Outlook.com Insiders program here.