Microsoft this week unveiled three new security features it's adding to the ubiquitous Microsoft account. Each change is based on user feedback and each provides new levels of visibility and control, the firm says.
These changes come in the wake of April's major security addition: Two-step authentication. I explained this feature in Enable and Use Two-Step Authentication with Your Microsoft Account and now use Microsoft's Authenticator app on my Windows Phone handset to protect multiple accounts.
The three new features are being implemented sometime this week. They include...
This feed-like interface will provide a list of your recent sign-ins and other account activity so you can make sure nothing spurious is going on. And a "this wasn't me" button will let you take steps to protect your account, while helping Microsoft refine its protection mechanisms.
Aimed at users of two-step authentication, this new feature will let you get into your account when both security verifications fail. (Rare, but it can happen.) Now you'll be able to create a secure recovery code, which can be used to regain access to your account if you lose access to your other security information. "Your recovery code is like a spare key to your house – so make sure you store it in a safe place," Microsoft group product manager Eric Doerr writes in a new post to the Official Microsoft Blog. "You can only request one recovery code at a time; requesting a new code cancels the old one."
More control of security notifications
A new security notifications feature will let you choose where you will receive notifications for certain events like password resets. (Some notifications are mandatory.) These notifications can be delivered via email or text message.
I don't see these changes yet in my own Microsoft account, but I'll keep checking.
And in addition to these changes, Microsoft has also updated its guidance for keeping your Microsoft account secure. Be sure to check out Make your Microsoft account more secure and do the right thing.