Microsoft this week published an open letter to customers that describes the steps one can take to secure their Windows Live ID, the online account that back's the software giant's Xbox LIVE and other services. The letter is aimed specifically at Xbox users, but will be of interest to anyone who uses a Windows Live ID.
"We take your security and online safety very seriously," writes Alex Garden, the General Manager of Xbox LIVE at Microsoft. "Account hijacking across the Internet continues to grow. It's a thriving, albeit illegal, industry affecting online services the globe over. Last year, there was a surge of personal information being compromised and sold, and this undoubtedly has had an impact on all of us ... We continue to take aggressive steps to help protect you against ever-changing threats. We also care deeply about how this ongoing issue affects your experience with Xbox LIVE and your trust in us."
To this end, Microsoft has a page on its Xbox LIVE web site that explains how Xbox LIVE users--and thus Windows LIVE ID account holders--can better protect their accounts from attack. Called Xbox LIVE Account Security, this page includes an Xbox LIVE security checklist, explains the types of Xbox LIVE account theft that occur, and provides a way to regain control of a hijacked account.
Since I've recently begun using a centralized Windows Live ID more regularly, this information is personally valuable. I use a Hotmail account to manage my personal email, contacts, and calendar, but this account is also the basis for my Xbox LIVE profile, my Zune and Zune Pass memberships, the SkyDrive account that contains work-related documents and notes, and more. Centralized online accounts such as those provided by Microsoft, Google, and Apple are convenient, but they also open you up to a single point of attack. Common sense and good security practices are therefore even more important than ever.
The Xbox LIVE security checklist is particularly interesting. Here, you'll learn about using additional security proofs with your Windows Live ID--something all users should enable---creating strong passwords, and other common sense security principles. If you're using a Windows Live ID in any capacity, please do read through this page and implement its advice where possible. Additionally, ensure you've properly configured your Windows Live ID with a phone number, alternate email address, and other information via the Windows Live ID Account Management site, as Garden advises in his letter.
Microsoft promises that those who do suffer an account breach will be helped more quickly than ever, though to be fair I'm not particularly impressed by the cited response times.
"For most new fraud cases we are now able to investigate and return accounts within three days," Garden says. "For users who have added strong proofs to their accounts, this may be as fast as 24 hours. We still have a few cases that are taking longer to fully recover and some refunds are still being processed, but we're making great strides."
OK, you heard the man, people. Go protect that account.