Signing in to Windows 10 with a Microsoft account is convenient, unless your password is stolen or phished. Protect yourself by turning on additional security features.
The default settings for Windows 10 strongly encourage you to sign in with a Microsoft account. Although it’s easy enough to switch to a local account, there are good reasons for connecting that Microsoft account, including the ability to easily sync settings between devices.
But that powerful account is potentially a source of headaches if your credentials are stolen or phished. To protect yourself, I recommend that you turn on Microsoft’s additional security features, which require a second form of authentication if someone tries to use those credentials on an unknown device.
The option is buried deep in the web interface for a Microsoft account. Fortunately, there’s an easy-to-remember shortcut:
Signing in with your Microsoft account at that page gives you access to three advanced security settings:
Two-step verification forces you to provide a second proof of identity when you sign in on an untrusted device. The verification code can be sent to an email address, delivered as a text message to your mobile phone, or generated by an authenticator app on your mobile phone.
The trusted devices list lets you skip the second factor on a device you own after you successfully prove your identity. If a device is stolen, or you suspect you’ve been compromised, you can clear this list and force a 2FA prompt.
A recovery code is worth printing out and saving in a secure location as a way to regain access if you lose access to other verification options.
Note that if you turn on two-step verification, you’ll need to generate app passwords for signing in to Xbox, Microsoft Outlook, and third-party apps that can’t receive a 2FA code.
Given the havoc that a hacked account can cause, I strongly recommend visiting this page and tightening up your Microsoft account security.
Previously posted at ZDNet