Towerwall Information Security Update Vol 13.78 – 3 ways to make your Outlook.com account safer

3 ways to make your Outlook.com account safer

by John Hawes

Following on from our detailed guide to securing your webmail, here’s a quick breakdown of how to make the most important fixes for users of Microsoft’s Outlook.com (formerly known as Hotmail and, for a while, Windows Live Hotmail).

Controls affecting Outlook.com security are mainly found in one central place, which can be accessed by clicking your username (this will probably be your name), shown in the top right of any live.com page when you’re logged in, and selecting “Account settings”.

1. Protect your password

Your first step should be to make sure your password is well chosen and not shared.

If you need to set a new one, visit the “Security & privacy” section of the Account settings page.

You’ll then have to verify your account with a security code, which you can do by email or text.

At the top you’ll see when your password was last changed, with an option to change it below.

Just below that, in the section labelled “Security info helps to keep your account secure”, you’ll find any backup email addresses or phone numbers you’ve given to Microsoft to help verify your identity if you get locked out of your account.

Make sure these are a good way of getting in touch with you, and are not easily accessible by people you don’t trust.

These contact points will also be used to send alerts if Microsoft spots any suspicious activity – you can choose whether or not to receive alerts by phone and whether to have them sent to multiple email addresses, but the primary alternate email must always get alerts.

If you need help picking a good password then our video should help:

2. Set up two-step verification

On the same screen you can also set up two-step verification.

Scroll down to the next section of the “Security & privacy” page.

When you follow the link to set it up, Microsoft recommends using a smartphone app, which will vary depending on what kind of device you use.

Windows Phone users can get Microsoft’s own authenticator app, Android users can use the Microsoft Account app, and those with iOS devices will need Google’s multi-purpose Authenticator.

Each has its own process for setting up, but most will simply require you to scan a QR code displayed on-screen. Once set up, you should be able to use the code generated by the app any time you want to log in to your account.

If you choose not to use an app, or don’t have a smartphone, you can have codes sent by SMS to the number you provide, or by email to one of your alternative accounts, but Microsoft will continue encouraging you to opt for the app approach, at least until you tell it to stop.

When you log in with a 2SV code, there will be an option to trust the device you’re using and not ask for any more codes, so in future you’ll only need your normal password.

Only check the box if you’re on a machine you use regularly and know to be kept well-secured.

As part of setting up 2SV, you’ll be given an emergency backup code. This is used if you ever lose access to the apps, phone numbers and email addresses provided for 2SV codes.

Outlook.com recommends you print it and keep it somewhere very safe, but if you find it easier to keep it in a file on your (well secured) computer, make sure it’s very well encrypted.

In the “Recovery codes” section you can choose to renew the emergency backup code if you no longer have it.

3. Check your settings

You should consider checking the “Security & privacy” page occasionally, to make sure the backup and 2SV contact details are up to date – check that any old devices you no longer have are removed from the “Security info” or “App passwords” sections.

There’s no way to monitor which devices have been marked as trusted for 2SV purposes, but at the bottom of the “Security & password” page you can at least remove trust from all machines, cutting off anyone who may have obtained unauthorised access.

There’s a whole section of the “Security & Privacy” area dedicated to “Recent activity”.

This is the place to go if you suspect someone’s been intruding on your account. You can view a detailed list of logins, attempts, 2SV challenges and significant settings changes, and for each one there is further information on the device type and browser or app used, the IP address and location.

There’s even a little Bing map pinpointing where the IP address appears to come from, but this may not be very accurate, particularly for things like POP access from a mobile mail client.

In case you’re worried about any particular event, the details area for each one provides a large button marked “This wasn’t me”. Clicking this will lead to a review of your security settings, including resetting your password to make sure strangers are kept out.

Finally, the “Related accounts” section, under “Security & Privacy”, lets you view and manage any accounts you have linked to your Outlook.com account, and also any other apps and services which may have been granted access.

You should make sure any entries in here are expected and necessary.

Once you’re done with making your Outlook.com account safer, make sure you are following our general advice in our guide to securing your webmail.

Towerwall’s Candy Alexander Receives 2014 ISSA Award for “Hall of Fame”

We are proud to announce that our own Candy Alexander will receive the ISSA “Hall of Fame” Award. See below for more information:

Honoree to be Recognized Among RSA Founders at ISSA International Conference on Oct. 22 in Orlando

BOSTON, MA–(Marketwired – Oct 9, 2014) – Towerwall (www.towerwall.com), an IT security services provider for small to mid-size businesses, today announced that Candy Alexander, CISSP CISM, GRC Consultant for Towerwall, has been inducted into the Hall of Fame by the Information Systems Security Association (ISSA). The Hall of Fame pays homage to an individual’s exceptional qualities of leadership in their own career and organization as well as an exemplary commitment to the information security profession.

Candy is in good company: others who have been inducted into the Hall of Fame this year are Ron Rivest, Adi Shamir and Len Adleman, who collectively are responsible for the “RSA” public key cryptography algorithm and are co-founders of the company RSA.

Founded in 1993 and based in Framingham, Massachusetts, Towerwall provides organizations such as Biogen Idec, Middlesex Savings Bank, Bahamas Telecom, Brown University and Smith & Wesson, with IT security technology services required for secure business-class networks.

The ISSA is the only independent forum dedicated to advancing the development of cybersecurity professionals, their organizations and critical infrastructure worldwide. ISSA has fostered many of the industry’s most respected leaders and is driving the future of the cybersecurity profession.

The ISSA International Awards will be presented at a special ceremony and luncheon during the fifth annual ISSA International Conference, to be held October 22-23, 2014 at Disney’s Contemporary Resort in Orlando, Florida. The event, themed “Cybersecurity – Driving our Destiny,” brings together a who’s who of the cybersecurity community to advance peer networking, individual growth, and end-user security awareness; explore new ways to approach global problems; and embrace technology and partnerships within the business.

“Each generation brings us those few individuals who excel among their peers. We proudly congratulate Candy Alexander as a 2013 honoree in recognition of her/his superior knowledge and commitment to the growth of cybersecurity as a field,” said Donald Glass, Kerzner International and ISSA Awards Chair. “As the reach of technology increases seemingly to all aspects of our lives, it is both fitting and imperative that we keep working on the betterment of all facets of our profession and honor those whose efforts go above and beyond. Therefore, we are well-pleased to recognize Candy Alexander who has been on the cutting-edge of the advances in information security throughout her career.”

About ISSA

The Information Systems Security Association (ISSA)® is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. ISSA members and award winners include many of the industry’s notable luminaries and represent a broad range of industries — from communications, education, healthcare, manufacturing, financial and consulting to IT — as well as federal, state and local government departments and agencies. Through regional chapter meetings, conferences, networking events and content, members tap into a wealth of shared knowledge and expertise. Visit ISSA on the web at www.issa.org and follow us on Twitter at @ISSAINTL.