Thursday, April 18, 2013

Outlook Explodes With Exciting Changes!
The recent rumor about the addition of two-step verification being added to the Microsoft Account was true.  The announcement about this and other changes to made in The Official Microsoft Blog and the Outlook Blog are both welcome as well as exciting.

The most exciting from a security viewpoint is the addition of an optional two-step authentication added to Microsoft Account.

Two-Step Authentication added to Microsoft Account

By far, this is the most welcome change being made.  Among the most popular articles here at Security Garden relate to Hotmail security, particularly the two-year old article relating to a hacked Hotmail account.

With two-step verification, often referred to as two-factor authentication, 2FA or TFA, two pieces of information are need to access your Microsoft Account.  Both your password plus a code sent to a phone or email address on file as security information are needed.  Thus, if your device is lost or stolen or your Microsoft Account password compromised, access to your important information is not possible without that second piece of information.

The two-step verification will work on any device where you use your Microsoft account, including Windows 8, any Web browser, as well as Microsoft apps and services on iOS and Android devices.

In addition, a Microsoft Authenticator app has been released for Windows Phone.  The Microsoft Authenticator app can be found at

Important:  It is on your shoulders to keep the security information in your Microsoft Account updated.  It is necessary to update your Microsoft Account before you cancel the alternate email address or phone.

If you lose access to your secondary security proof, customer support cannot update it for you and it will be necessary to go through a recovery process that enforces a 30-day wait before you are able to regain access to your account.  This is done to ensure someone malicious has not used this as a way to take over your account.

In addition, if you lose access to your password AND all your security information, you will not be able to regain access to your account.

Because the servers are grouped into hundreds of clusters, and only one cluster is upgraded at a time, when the server your account is on has been updated, you will find the option to add two-step verification at


Sign in with any alias on your account

A welcome addition with the update to is the ability to sign in with any alias that you have connected to your account.  The process of adding and managing aliases has been simplified, including better advice on when it is better suited to add an alias or rename your primary alias.  

Set up or manage aliases at

32 new @Outlook email address domains

The last bit of news is the addition of 32 new @Outlook email address domains. This will provide the ability to have an @Outlook address unique to your country.

Detailed information about this addition is available in the below-referenced articles.

~   ~   ~   ~   ~   ~

I am an Insider.  If you have a question about this post or, please leave a comment and I'll do my best to assist.  Learn more about the Insiders program here.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: