Make your Microsoft account more secure

Safeguarding your account is a top priority at Microsoft. Help us help you, by taking a few minutes to learn about account security and some simple steps to help protect your Microsoft account.


Create a strong password

A strong password:

  • Is difficult for anyone to guess or hacker to decode

  • Is at least eight characters long

  • Contains a mix of letters, numbers, and symbols

  • Doesn't contain your user name, real name, or company name

  • Doesn't contain a complete word

  • Is significantly different from previous passwords

  • Isn't the same password you use on other web sites, such as for online banking or other email accounts


Keep your security info up to date

When your security info (like an alternate email address or phone number) is current, we can use it to verify your identity if there's ever a problem. For example, if you forget your password, or if someone else tries to take over your account, Microsoft uses your security info to help you get back into your account. We'll never use this info to spam you or for any marketing purposes.


Monitor your account for suspicious activity

The Recent activity page shows you when and where you’ve signed into your Microsoft account, or if you’ve made changes to it. You can periodically check this page for unusual activity, such as a sign-in from a location you don’t recognize. If you do find suspicious activity, click “This wasn’t me” and we’ll take you through a few steps to change your password and review the security info on your account.


Install an antivirus program on your PC

Many hackers steal passwords through malware (malicious software) that's been installed on your PC without your knowledge (for example, when you download a new screen saver or toolbar). It’s important to clear your PC of viruses or malware before you change your password. That way, the hackers won’t get your new password.

If you’re using Windows 8.1 or Windows RT 8.1, Windows Defender is free antimalware software included with Windows, and you can update it automatically through Windows Update. If you're running an earlier version of Windows, you can download and install Microsoft Security Essentials for free.

After you install an antivirus program, set up the program to get updates and scan your PC on a regular basis.


Turn on two-step verification

Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account:

  • Your password

  • An extra security code

Two-step verification helps protect your account by making it more difficult for a hacker to sign in, even if they've somehow learned your password. If you turn on two-step verification, you'll see an extra page every time you sign in on a device that isn't trusted. The extra page prompts you to enter a security code to sign in. We can send a new security code to your phone or your alternate email address, or you can obtain one through an authenticator app on your smartphone.


Update your operating system, browser, and other software

Most service and app providers release periodic security updates that can help protect your PC. These regular updates can help prevent viruses and other malware attacks by closing possible security holes.

If you’re using Windows, turn on Windows Update to make sure that you receive these updates automatically.


Be careful of suspicious emails and web sites

Don't open email messages from unfamiliar senders, or email attachments that you don't recognize. Many viruses are attached to email messages and will spread as soon as you open the attachment. It's best not to open any attachment unless it's something you're expecting.


Use a pop-up blocker with your Internet browser

Pop-up windows are small browser windows that appear on top of the website you're viewing. Although most are created by advertisers, they can also contain malicious or unsafe code. A pop-up blocker can prevent some or all of these windows from appearing.

Pop-up Blocker in Windows Internet Explorer is turned on by default. SmartScreen Filter also helps identify potentially malicious websites and known malware.