Microsoft adds security to user accounts
Microsoft has followed up its recent general statement of intent to protect customers from government snooping with details of stronger security.
Microsoft has followed up its recent general statement of intent to protect customers from government snooping with details of stronger and smarter security measures.
As part of efforts to distance itself from the US National Security Agency’s surveillance operations, Microsoft last week promised enhanced encryption and legal protections of customer data.
The software firm also announced plans to enhance the transparency of it software code to help re-assure customers that no products contain code that allows access to intelligence agencies.
Now Microsoft has announced the introduction of a “recent activity” option to enable Microsoft account users to see all activity associated with the account.
"We think about protecting accounts as a partnership between us and you – the more you help us (with accurate account info, and updated security info), the more we can help you keep your stuff safe," wrote Eric Doerr, group programme manager, Microsoft account, in a blog post.
More on Prism
- Security Think Tank: Prism fallout could be worse than security risks
- Security Think Tank: Prism is dangerous for everyone
- Security Think Tank: Prism – Sitting duck or elaborate honeypot?
- NSA surveillance whistleblower reveals identity
- US repeatedly hacked China, claims NSA whistleblower
- FBI spies on internet users
- UK links to US internet surveillance remain unclear
- Technology companies call for more transparency over data requests
- Compliance: The Edward Snowden, NSA program controversy continues
For each activity, Microsoft will tell customers what device and browser was used.
By reviewing this activity, which includes a map showing associated locations, customers can alert Microsoft of any activity they did not carry out themselves using a “this wasn’t me” button.
“Our goal with this new experience is to give you peace of mind when everything is going well, and give you actionable information if there’s questionable activity that concerns you,” said Doerr.
Second, Microsoft is introducing “recovery codes” to enable customers to access their accounts when they do not have access to their smartphones or email accounts normally used for two-step authorisation.
However, this does require customers to generate the code in advance and to store it safely so that no-one else can use the code to access their accounts.
"Your recovery code is like a spare key to your house – so make sure you store it in a safe place," said Doerr.
Third, Microsoft is enabling users to choose to receive their security notifications by email or text to increase the likelihood of receiving them.
"Again, this is all about giving you greater visibility and control of your account so that we can work together to help keep your information safe," said Doerr.
Microsoft is one of eight technology firms that have joined forces to call for urgent reforms of all internet surveillance programmes such as Prism in the US and Tempora in the UK.
Google, Apple, Facebook, Twitter, AOL, Microsoft, LinkedIn, and Yahoo, have formed an alliance called Reform Government Surveillance group.
The alliance has drawn up a list of five reform principles, which call on governments to limit surveillance to specific, known users for lawful purposes.
They say governments should not undertake bulk data collection of internet communications and that requests for companies to hand over individual data should be limited by new rules.
