Have you recently checked to ensure that your Microsoft account is configured with the highest level of security possible? If not, taking the time to secure your account should only require a few minutes. However, if your account is currently in an insecure state, it may take a bit longer. This topic has been on my mind recently as I have been dedicating a significant amount of time to adding a new chapter to the Windows 11 Field Guide that specifically addresses passkeys, security keys, and related subjects. This has prompted me to finally take the time to comprehensively outline the process of securing a Microsoft account. After careful consideration and multiple revisions, I believe I have achieved a level of detail that is both comprehensive and easily understandable. The updated content will be available soon in the book as well as on this website.
Securing an online account can be quite challenging. Many individuals have been using their Microsoft accounts for a significant amount of time, so those accounts have been configured in a variety of ways, ignored for extended periods, and left with out-of-date information and various misconfigurations. Furthermore, numerous people may not be utilizing the latest passwordless capabilities available for their accounts and the devices they use. Considering these factors, I believe it is worthwhile to address this topic outside of the book as well.
If you have not yet installed Microsoft Authenticator or a similar authenticator app on your phone, your Microsoft account may be at risk. I encourage you to install this app first. Once installed, you can proceed to the Microsoft account website using your PC and navigate to the Privacy dashboard. Here, you will find a Safety review wizard that provides an overview of your account’s security status. The first step in this process involves ensuring that you have a valid email address and phone number, or two valid email addresses, configured for account recovery. If this information is incorrect, you can make the necessary changes by clicking the “Add or remove” link. Following this, you will proceed to the “Secure sign-in” step to verify your use of Microsoft Authenticator. Finally, you can review and configure additional security options in the Microsoft account Security dashboard.
Enabling two-step verification for your account will significantly increase its resilience against phishing and other attacks. Additionally, you should consider removing “Text a code” from your additional sign-in and verification methods list, as text-based authentication codes are insecure and easily intercepted. Reviewing and updating your profile and account information is also essential. Lastly, you may want to consider going truly passwordless by removing the password from your account. While these steps may require some time and effort, they are crucial for ensuring the security of your Microsoft account. If you encounter any difficulties or require further clarification, please do not hesitate to reach out to me. I am committed to ensuring that you have accurate and complete information.

