These days, I am very popular in Russia, Ukraine, Moldova, Bosnia-Herzegovina and even Albania. At least, this is what is based on this list of recent efforts to sign in my Microsoft account:
These attackers do not know that each password is wrong for this password -free account.
Screenshot by ED BOTT/ZDNET
If you are curious about who is trying to sign in to your Microsoft account, then go to this management page: https://acccount.microsoft.com. After signing in, click on security and “see my sign-in activity.”
In my case, those desperate hackers are wasting their time. They can try every combination of letters, numbers and symbols in every alphabet known to humanity, even if it takes to the end of the universe, and they will not guess passwords for my microsoft account.
Also: 10 Pasaki Survival Tips: Now prepare for your passwordless future
Why am I so confident? Because, long ago, I opted to make that account password free. If some strangers want to sign in to my account on a new device, they will have to celebrate them to approve the sign-in device I have already set. (Sorry, Ivan, I say Nate For unwanted requests from Russia.)
Should you go to passwordless?
Microsoft wants you to do the same as I did and dig your password. This month, the company rolled out a new user experience, “adapted to a password-free and first experience.”
Too: The best VPN services (and how to choose for you)
So, should you do this? For most people, the answer is yes. Removing your password dramatically increases the safety of your microsoft account and makes it more resistant to fishing attacks. Once you remove your password, the only way to sign in a device is saved in biometrics (fingerprint or face recognition), hardware security keys, syncable passwords in password manager, or proved your identity to answer push notifications on a reliable device as shown here.
The default method to sign in to the password -free microsoft account is with you an authentic app on your own device.
Screenshot by ED BOTT/ZDNET
The only technical reason for making this change is that if you use old apps or hardware devices that do not support modern authentication methods: Office 2010 or before; Mac 2011 or before offices; Xbox 360; Or a PC is running Windows 8.1 or before. If you use a remote desktop feature to connect to another PC using your microsoft account, you will also participate in problems.
Going to passwordless is not a step that you take carelessly. Along with this, there is an increased risk that you will exclude from your account. You can reduce the risk by ensuring that you have several safe ways to reach your account before taking out your password.
Ready to start? let’s go.
Step 1: Check your current safety settings
Go to your Microsoft Account Management Page https://acccount.microsoft.com And sign in using your password. Click on the Security Tab and then “Manage how I sign in.” That one page shown here should open:
Add at least two ways to prove who you are. An authentic app and an email address are your best options.
Screenshot by ED BOTT/ZDNET
It is an account I have created for the test purposes. It has a password, and I have added an email address used for verification purposes. Pay attention to two options under the title “Additional Security”-the additionless account and two-phase verification are closed.
Click “Add a new way to sign or verify”. This opens the page shown here:
Use another option to set as a way to sign the Microsoft Authentic App.
Screenshot by ED BOTT/ZDNET
Step 2: Set a Uuthenticator app on your mobile device
Click on the middle option, “Use an app.” It gives you two options. Microsoft authentic app depends on push notifications; You can also set a classic time-based one-time password (TOTP) authenticator and generate six-numeric codes supplied on the request you request.
To use Microsoft Artist, download and install the Microsoft Authentic App on your mobile device and then click next to display the QR code shown here:
Scan this QR code to set your Microsoft account in the authentic app.
Screenshot by ED BOTT/ZDNET
Open the authenticator app on your mobile device, click on the plus sign, and scan the QR code using a smartphone camera to add your new account. The result should look something like this:
After making your account a password free, the password option will disappear.
Screenshot by ED BOTT/ZDNET
If you like to use another TOTP app, such as Auti or Google Artist, click “Use the App”. “Set Microsoft Authentic Dialogue, select the option to set a separate authentic app. It produces a time code that creates a standard 6-a-totp code, which you need to certify, when you can use this option with a microsoft authenticator and then add a separate app that is to add a separate application that is to add a separate application that is, Microsoft can use information, the second one that uses TOTP code.
Step 3: Set at least two other methods to sign in
The authent app provides an easy way to sign in without a password. But what happens if you lose your phone? When you need an alternative sign-in method. If you have a two-step verification set up, you will need two factors.
- Click “Email one code” to enter an alternative email address.
- Click “Show more options” to display the option to enter the phone number where you can get a code via SMS. In addition to your personal phone, consider adding the phone number that relates to your spouse or partner, who gives you an additional option if your own phone is lost or stolen.
- Select the “Use an app” and set a non-microsoft authentic app as described in step 2. (If possible, consider setting that app on a phone other than your primary phone.)
- Choose “face, fingerprint, pin, or security” option to make hardware-based passki, using Windows Hello with face recognition or fingerprint reader on Windows PC, or an Apple ICloud Kechen Passki, using Touch ID on MacBook. You can also use this option with USB security key.
- If your password manager supports this feature, you can make a passki that sinks between the equipment. Dashlane, 1password, and Bitwarden all support the passesis.
Step 4: Create a recovery code and save it to a safe place
Do not skip this step! This is your “Emergency, Break Glass” option.
From step 1 to “How I sign in” go back to and scroll in all ways below the page. Under the title “Recovery Code”, click on the option to generate a new code. Print it and save the code to a safe place. Maybe consider sending a copy to a reliable family member who can overcome it when you need it.
Also: If we want a password -free future, then let’s get our pass story directly.
If everything else fails, this code will determine that you can recover your account.
Step 5: Turn on a passwordless option
You do not have to do this step immediately. All password -free options you set (authenticator app, passage, and so on) will work immediately. Give yourself one or two weeks to ensure that everything is working as expected. When you are ready, go back to “how I sign in”, scroll on the “password -free account” section, and turn on that option.
