Microsoft announced yesterday that it will complement the two-factor authentication it enabled for account holders in April with additional security features designed to deny account hijacking and unauthorized access.
Windows PC and mobile users, along with users of Outlook, SkyDrive, Xbox, Skype and other Microsoft services, will soon have three new capabilities to further shore up their accounts.
The most novel may be a dashboard view that presents a user with a log of recent activity, such as log-in attempts—including failed attempts—as well as the addition or deletion of security information and the type of device and browser used for a particular activity. Each activity's location is displayed on a map, along with timestamp data.
“You know best what’s been happening with your account – so the more we give you tools to understand what’s happening, the better we can work together to protect your account,” wrote Eric Doerr, a group program manager at Microsoft. “For example, a login from a new country might look suspicious to us, but you might know that you were simply on vacation or on a business trip.”
Users who determine there has been suspicious or unauthorized activity can click on a “This wasn’t me” button that will then display steps the user can take to secure their accounts.
In addition, users who have already enabled two-factor authentication will be able to generate a recovery code to access their accounts without having to use the information provided during the setup of two-factor.
“Because two-step verification setup requires two verified pieces of security information, like a phone number and email address, it will be a rare occasion when both options fail, but in the event they do, we’ve got you covered,” Doerr said.
Microsoft said that any account user will be able to add a recovery code to their account, but users will be able to request only one recovery code at a time; requesting a new one cancels the old one, Doerr said.
“Your recovery code is like a spare key to your house,” Doerr said. “So make sure you store it in a safe place.”
The final new feature users may expect is additional management of security notifications, such as password resets. Users will be able to select, for example, whether they want security notifications sent to an email address or to a mobile device via text message.
Microsoft account holders have had two-factor authentication at their disposal since April. Users are asked to provide two pieces of security information that Microsoft stores; the user will enter a password, for example, and then have a code sent to their mobile device as a second authenticator.
Microsoft also released an Authenticator app for Windows Phone; the app is built on a standard authentication protocol, meaning that it could be used on other Web-based services such as those offered by Google, Dropbox and others.