A guest post by Xbox LIVE General Manager Alex Garden on security improvements at Xbox, and how you can help protect your account.
Earlier this year, I wrote to you about our ongoing efforts to help protect the account security of our nearly 40 million Xbox LIVE members. I received hundreds of emails and the responses ranged from frustration to support, as well as suggestions for making Xbox LIVE the best service it can be. The feedback was great and I’d like to thank everyone who took the time to reach out. This experience has reinforced our belief that Xbox LIVE is not simply an online service but a community built upon the trust and investment of its members.
That’s why I’m pleased to report we’ve worked hard these last several months to further protect our members’ accounts, and more is still to come. Here are some things we’ve done since I last wrote:
We’ve increased notifications to members whose accounts may be compromised, prompting them to add proofs, update their passwords, and, if necessary, contact Xbox support. This helps our team lock down an account quickly, investigate, and restore the account to the rightful owner.
Most importantly, many of our security enhancements and recovery processes are dependent on our members having valid, up-to-date security information in place. I encourage everyone to take five minutes today to check your security information and update it if necessary. If you have any lost or stolen security proofs, update them now to prevent any interruptions to your Xbox LIVE service in the future. We only use this information for your security, and never for marketing or advertising.
It’s a good idea to change your password if you haven’t done so recently, and make sure to use a different username and password for Microsoft versus other online services you access. This way if one company does experience a security breach, your leaked credentials won’t be used against you on other sites. Finally, help the people in your life who may be less security savvy by sharing suggestions like not using common words for passwords. Sadly, “password” and “12345” are still top of the most common password lists when we see breaches occur and passwords posted online.
The Internet has transformed the way we purchase goods and services and added layers of convenience to our lives. Yet, disappointingly, online fraud increasingly victimizes millions of unsuspecting consumers each year. The organized groups of criminals involved do not care about the time or expense experienced by individuals they’ve attacked, or the billions in currency global companies and financial institutions absorb each year from their illegal activities. In the end, all of us pay a high price for online fraud.
That is why our resolve at Microsoft to battle fraud and our commitment to account security is stronger than ever. I hope you’ll take a few moments to protect your account today and as always, I welcome you to share your views or concerns with me as we move forward together.
Alex Garden
Email: Alex dot Garden at Microsoft dot com
General Manager, Xbox LIVE
You forgot one tip, MAKE SURE your password for your xbox account and your password for your alternate emails are different. If they are the same any hacker could access your alternate email and verify ownership with it!
Thanks for the update! :)
I would LOVE 2 step authentication. Facebook uses it, Google uses it, even Blizzard. I wouldn't mind that extra step when trying to sign in via the web-browser or for the first time on a different console or guest console.
Major problem. I can't add new proofs because it wants to use my alternate email address to send confirmation which isn't valid anymore!
I have definitely noticed the security enhancements Microsoft has made to Windows Live IDs. But I really do think Microsoft needs some sort of always-available, physical account proof. A Secure SIM in Windows Phone 8 would be a perfect example. Another would be a two-factor authentication device such as the Battle.net Authenticator. Such a device would ideally serve as a last-resort, "ultimate proof" of account ownership, used only when necessary to expedite recovery after an account theft.
With Windows and Office using Microsoft Account as a primary method to authenticate users, Microsoft Accounts are becoming far too valuable to rely on purely internet-based account proofs such as email addresses or even cell-phone numbers. There needs to be physical proofs as well.
Will there ever be Passwords for each single Log-In on the XBox 360 itself? Meaning: When I am not home, I do NOT want my kids playing on my XBox Live GamerTag, possibly messing up my stats or having conversations I would not have with other players (yes, I have a teenager, so my younger one feels the same). I have a Gold Family account. Additionally, if someone were to steal my XBox, I don't want them to have access to my GamerTag/Log-In info.
Goddamn better ban all users who play games 2 weeks before release!!!
When I try to add my Phone Number and Alternate Email I get, "Note: You can use your trusted computer to confirm this information, Sign in from that computer, go to the Account overview page, and then click Confirm next to this information." Under Trusted PC I have two of the same Trusted PC names but one is confirmed and the other unconfirmed. When I try to confirm the unconfirmed PC it gives me the same message. Is there a way I can make the PC I'm using now my Trusted PC?
@djmoon2069: They already have that. You can remove the saved password on your console, and it'll prompt you to enter the password every time you try and log in.
Well, I'll tell you, M$ how YOU can help my security. You can start with my number one issue with your policy regarding billing. Which is why I no longer subscribe to Gold, or purchase points online. You see, I had my account hacked, charged 4,000 M$ points, which then led to my bank account going negative, which you did NOT reimburse me for. All of this happened because of your UNETHICAL policy of NOT letting me remove my credit card information until AFTER my current billing membership has expired. NOT cool. If I'd been able to remove it from the server information data base, right after I used it to purchase my Gold membership, not only would my account NOT have been charged 4,000 M$ points, there would have been no need to lock me out of live until the investigation was done, I would have the achievements I earned during that lock out, AND I would probably buy Three more Gold memberships when these expired. BUT, since your policy is to REQUIRE my Credit Card information to stay, see that way if I forget to turn off auto renew, which it should never be defaulted for in the first place, you gain that extra billing dollar amount not only from me, but the countless thousands of others who forget or don't know about it. Easy money, which is pretty shady, which is why you've lost my business, not only for three live gold memberships, but for any future consoles, and any future Windows based machines. Done. You did it. And while I know you will NOT change this policy because of my letter, at least I am letting you know why you've lost my business. Keep on truckin' M$, it will be back to take a bite out of your profit, someday.
I meant just lock my GamerTag/Log-On, not the entire console.
I just don't want my kids playing under my name, nor anyone else (if it were stolen).
Just put a pass code on your profile?? This is a feature that's always been there ;}
It would be nice if you could secure the servers so these sleaze balls can't boot people using Cain and Abel and net tools, and track IP addresses. It's disturbing to look on YouTube and see people accessing other people's internet through your servers. Someone shows up on my doorstep who gets my information through XBL, I will hold Microsoft as accountable as the person doing it.
Hopefully we can get a firm grip on security soon.