Make your Microsoft account more secure

Safeguarding your account is a top priority at Microsoft. Help us help you, by taking a few minutes to learn about account security and some simple steps to help protect your Microsoft account.


Use a strong password, and change it often

A strong password:

  • Is at least eight characters long.

  • Contains a mix of letters, numbers, and symbols.

  • Doesn't contain your user name, real name, or company name.

  • Doesn't contain a complete word.

  • Is significantly different from previous passwords.

  • Isn't the same password you use on other web sites, such as for online banking or other email accounts.


Keep your security info up to date

Current security info (like an alternate email address or phone number) helps us to verify your identity if you forget your password or if someone else tries to take over your account. We never use this info to spam you or to try to sell you something—promise!


Watch for suspicious activity

The Recent activity page helps you track unusual or suspicious activity. You can see your latest sign-ins and changes. If you see something wrong or unfamiliar, click This wasn’t me and we’ll take you through a few steps to change your password and review the security info on your account.


Install an antivirus program on your PC

Hackers can steal passwords through malware (malicious software) that's been installed on your PC without your knowledge. For example, it might be accidentally downloaded with something you do want, like a new screen saver. It’s important to clear your PC of viruses or malware before you change your password.

Is your PC running Windows?
Great! Windows Defender is free antimalware software included with Windows 8.1 and Windows RT 8.1, and it updates automatically through Windows Update. If you're running an earlier version of Windows, you can download and install Microsoft Security Essentials for free.

After you install an antivirus program, you should set it to regularly get updates and scan your PC.


Update your operating system, browser, and other software

Most service and app providers release security updates that can help protect your PC. These updates can help prevent viruses and other malware attacks by closing possible security holes.

If you’re using Windows, to make sure that you receive these updates automatically, turn on Windows Update.


Be careful of suspicious emails and websites

Don't open email messages from unfamiliar senders or email attachments that you don't recognize. Viruses can be attached to email messages and might spread as soon as you open the attachment. It's best not to open an attachment unless you expected to receive it. You should also be careful when downloading apps or other files from the Internet, and make sure you recognize the source.


Use a pop-up blocker with your Internet browser

Pop-up windows are small browser windows that appear on top of the website you're viewing. Although most are created by advertisers, some contain malicious or unsafe code. A pop-up blocker can prevent some or all of these windows from appearing.

By default, Pop-up Blocker in Windows Internet Explorer is turned on. SmartScreen Filter also helps identify potentially malicious websites and known malware.


Turn on two-step verification

Two-step verification boosts account security by making it more difficult for hackers to sign in—even if they know or guess your password.

If you turn on two-step verification and then try to sign in on a device we don’t recognize, we’ll ask you for two things:

  • Your password

  • An extra security code

We can send a new security code to your phone or your alternate email address, or you can get one through an authenticator app on your smartphone.