Microsoft on Wednesday announced two-step verification will be rolling out to 700 million accounts “over the next couple of days.” The feature will unfortunately be optional, but it’s definitely a move in the right direction, especially given the recent slew of hacking incidents.
For those who don’t know, a Microsoft account works across Windows, Microsoft Office, Windows Phone, Xbox, Outlook.com, SkyDrive, Skype, and other various Microsoft services. You can enable the new feature at account.live.com/proofs/Manage if you see it now, or in the next few days if it hasn’t shown up for you yet.
For those who don’t know, two-step verification works by asking you, the user, for two pieces of information anytime you want to access your account. Just over a year ago, Microsoft began turning on two-step verification for certain critical activities, such as for editing credit cards and subscriptions at commerce.microsoft.com and xbox.com, or accessing files on another one of your computers via SkyDrive.com.
Once everyone gets this update, you’ll be able to protect your entire account with two-step verification. Again, the only downside here is that the feature is optional and many users thus won’t take advantage of it.
If you do decide to flip the switch, here’s how it will work:
We’ll verify that you have at least two pieces of security information on file (it’s always good to have a second in case you lose the first). If you have a smartphone, we’ll help you set up an authenticator app, which allows you to receive two-step verification codes even while offline (very useful on vacation and to avoid messaging fees). The next time you sign on, you’ll be prompted for a code.
Here are a few more points we feel are worth noting:
- It works everywhere you use your Microsoft account: on Windows 8, any Web browser, as well as Microsoft apps and services on Android and iOS devices.
- If you have an app or device that doesn’t directly support two-step verification (like your Xbox, or setting up email on your smartphone), you can still use two-step verification by setting up an app password unique to each application or device.
- Windows Phone has received a Microsoft Authenticator app that supports a standard protocol for two-step verification codes and can be used with your Microsoft account and other systems that support them.
- On devices you use regularly, you can select an option to not ask for security codes — you use the code sent to your phone or email only once (per Web browser per device) and Microsoft remembers that device in the future. If you don’t use the device for 60 days, Microsoft will prompt you for a code again for your security.
- If you know your password but lose access to your secondary security proof, customer support cannot update it for you: you have to go through a recovery process that enforces a 30-day wait time before you regain access. If you lose access to your password and all your security info, you will not be able to regain access to your account.
We strongly recommend you turn on two-step verification when you get access to it.
Top Image Credit: Martyn E. Jones