The last time Microsoft account was added with new features was back in April when we exclusively reported that the service would get two-factor authentication. Since then, Microsoft also dropped support for linked accounts and urges users to use aliases instead. Today, LiveSide has exclusively learnt that Microsoft is planning another set of enhancements to their Microsoft account service, with the aim to improve the security and recovery process of their users’ accounts. These enhancements include:
- Recent account activity review – Microsoft account will soon add the ability for users to review their recent account activities, including successful sign-ins, account recovery attempts, and other account-related activities. As part of the report, users will be able to view the location, IP address, date and time, device/platform, and browser/app the activity was performed from. Check out the screenshot below of an example recent activity report:
Users will be able to report any suspicious activities by clicking the “This wasn’t me” button, which will prompt the user to change their password and security info to protect them against further suspicious activities.
This feature is similar to Google Account’s Recent Activity feature, which provides the same information to users.
- New account recovery options – Microsoft account will also add a new method of account recovery – Recovery codes. A string of random security code can be generated using the Microsoft account website which the user have to note down and store it in a safe place, and can then be used to recovery their account in case they forget their password. We assume this has to be used in conjunction with another security verification method, such as an alternate email address, mobile device, or an Authenticator app.
LiveSide understands that the current recovery method of using a “Security question” may soon be retired and replaced with the above “Recovery code” method instead. This change is likely due to research studies showing that these security questions (e.g. your mother’s maiden name) are probably the weakest link in the security of an user’s account.
- Manage security notifications – Users will also soon be able to choose where they would like to receive security notifications about their account (such as when someone attempts to take over the account). By default, these security notifications will always be sent to the user’s primary email address, but a user can choose to have them also sent to their mobile device or alternate email addresses.
As always, whilst we try to be as accurate as possible with the information above, these upcoming features may change anytime before their are officially released. Unfortunately, we do not yet know when these features will be released, but we’ll keep you updated as soon as we receive anything new. So stay tuned!