Take 5: Update Your Security Info Today

Xbox blogs
word bubble
join the conversation
You Are Here
Forums Home » Xbox Forums » Xbox.com Blog » Take 5: Update Your Security Info Today
Featured ContentXbox Forums
Options
Settings
Settings

Xbox.com Blog

News and events from all over the Xbox.com community.

Take 5: Update Your Security Info Today

Rate This
18 Jul 2012 3:55 PM
  • Comments 24

A guest post by Xbox LIVE General Manager Alex Garden on security improvements at Xbox, and how you can help protect your account.

Earlier this year, I wrote to you about our ongoing efforts to help protect the account security of our nearly 40 million Xbox LIVE members. I received hundreds of emails and the responses ranged from frustration to support, as well as suggestions for making Xbox LIVE the best service it can be. The feedback was great and I’d like to thank everyone who took the time to reach out. This experience has reinforced our belief that Xbox LIVE is not simply an online service but a community built upon the trust and investment of its members.

That’s why I’m pleased to report we’ve worked hard these last several months to further protect our members’ accounts, and more is still to come.  Here are some things we’ve done since I last wrote:

We’ve increased notifications to members whose accounts may be compromised to add proofs, update their passwords, and, if necessary, contact Xbox support. This helps our team lock down an account quickly, investigate and restore the account to the rightful owner.

  • We’ve taken legal action to pull down online posts of gamertags, usernames and passwords gathered from malware or phishing schemes to help protect our members.
  • Our Xbox LIVE Spring update included many behind the scenes improvements that help us build on security enhancements for the near future.
  • We’re sending unique codes to the security phone numbers and secondary email addresses provided by members to verify authorization for Xbox.com purchases or account change attempts not stemming from a member’s trusted device.
  • We’re working to reduce market incentives for criminal activity. Engaging in identity theft, trading in stolen accounts and committing credit card fraud are illegal and violate our Terms of Use. Those involved in these activities risk criminal prosecution, account and console bans. That goes for both sellers and buyers of known stolen accounts and content.

Most importantly, many of our security enhancements and recovery processes are dependent on our members having valid, up-to-date security information in place. I encourage everyone to take five minutes today to check your security information and update it if necessary. If you have any lost or stolen security proofs, update them now to prevent any interruptions to your Xbox LIVE service in the future. We only use this information for your security, and never for marketing or advertising.

It’s a good idea to change your password if you haven’t done so recently, and make sure to use a different username and password for Microsoft versus other online services you access. This way if one company does experience a security breach, your leaked credentials won’t be used against you on other sites. Finally, help the people in your life who may be less security savvy by sharing suggestions like not using common words for passwords. Sadly, “password” and “12345” are still top of the most common password lists when we see breaches occur and passwords posted online.

The Internet has transformed the way we purchase goods and services and added layers of convenience to our lives. Yet, disappointingly, online fraud increasingly victimizes millions of unsuspecting consumers each year. The organized groups of criminals involved do not care about the time or expense experienced by individuals they’ve attacked; or the billions in currency global companies and financial institutions absorb each year from their illegal activities. In the end, all of us pay a high price for online fraud.

That is why our resolve at Microsoft to battle fraud and our commitment to account security is stronger than ever. I hope you’ll take a few moments to protect your account today and as always, I welcome you to share your views or concerns with me as we move forward together.

Alex Garden
Email: Alex dot Garden at Microsoft dot com
General Manager, Xbox LIVE

 

, ,
Comments
  • 18 Jul 2012 7:56 PM

    There's a temporary problem with the service. Please try again. If you continue to get this message, try again later.

  • 18 Jul 2012 8:22 PM

    You forgot one tip, MAKE SURE your password for your xbox account and your password for your alternate emails are different. If they are the same any hacker could access your alternate email and verify ownership with it!

  • 18 Jul 2012 10:06 PM

    Thanks for the update! :)

  • 19 Jul 2012 1:10 AM

    I would LOVE 2 step authentication. Facebook uses it, Google uses it even Blizzard. I wouldn't mind that extra step when trying to sign in via the web-browser or for the first time on a different console or guest console.

  • 19 Jul 2012 2:26 PM

    Major problem. I can't add new proofs because it wants to use my alternate email address to send confirmation which isn't valid anymore!

  • 19 Jul 2012 2:32 PM

    I have definitely noticed the security enhancements Microsoft has made to Windows Live IDs. But I really do think Microsoft needs some sort of always-available, physical account proof. A Secure SIM in Windows Phone 8 would be an perfect example. Another would be a two-factor authentication device such as the Battle.net Authenticator. Such a device would ideally serve as a last-resort, "ultimate proof" of account ownership, used only when necessary to expedite recovery after an account theft.

    With Windows and Office using Microsoft Account as a primary method to authenticate users, Microsoft Accounts are becoming far too valuable to rely on purely internet-based account proofs such as email addresses or even cell-phone numbers. There needs to be physical proofs as well.

  • 19 Jul 2012 3:41 PM

    Will there ever be Passwords for each single Log-In on the XBox 360 itself? Meaning: When I am not home, i Do NOT want my kids playing on my XBox Live GamerTag, possible messing up my stats or having conversations I would not have with other players (yes, I have a teenager, so my younger one feels the same). I have a Gold Family account. Additionally, if someone were to steal my XBox, I don't want them to have access to my GamerTag/Log-In info.

  • 19 Jul 2012 3:51 PM

    Goddamn better ban all users who play games 2 weeks before release!!!

  • 19 Jul 2012 6:12 PM

    When I try to add my Phone Number and Alternate Email I get, "Note: You can use your trusted computer to confirm this information, Sign in from that computer, go to the Account overview page, and then click Confirm next to this information." Under Trusted PC I have two of the same Trusted PC names but one is confirmed and the other unconfirmed. When I try to confirm the unconfirmed PC it gives me the same message. Is there a way I can can make the PC I'm using now my Trusted PC?

  • 19 Jul 2012 8:09 PM

    @djmoon2069: They already have that.  You can remove the saved password on your console, and it'll prompt you to enter the password every time you try and log in.

  • 20 Jul 2012 2:33 PM

    Well, I'll tell you, M$ how YOU can help my security. You can start with my number one issue with your policy regarding billing. Which is why I no longer subscribe to Goldm, or purchase points online. You see, I had my account hacked, charged 4,000 M$ ponts, which then led to my bank account going negative, which you did NOT reimburse me for. All of this happened because or your UNETHICAL policy of NOT letting me remove my credit card information until AFTER my current billing membership has expired. NOT cool. If I'd been able to remove itfrom the server infromation data base, right after I used it to purchase my Gold membership, not only would my account NOT have been charged 4,000 M$ points, there would have been no need to lock me out of live until the investigation was done, I would have the achievments I earned during that lock out, AND I would probably buy Three more Gold memberships when these expired. BUT, since your policy is to REQUIRE my Credit Card information to stay, see that way if I forget to turn off auto renew, which it should never be defaulted for in the firat place, you gain that extra billing dollar amount not only from me, but the countless thousands of others who forget or don't know about it. Easy money, which is pretty shady, which is you've lost my business, not only for three live gold meberships, but for any future consoles, and any future widows based machines. Done. You did it. And while I know you will NOT change this policu because of my letter, at least I am letting you know why you've lost my business. Keep on truckin' M$, it will be back to take a bite out of your profit, someday.

  • 20 Jul 2012 5:54 PM

    @P00K

    I meant just lock my GamerTag/Log-On, not the entire console.

    I just don't want my kids playing under my name, nor anyone else (if it were stolen).

  • 21 Jul 2012 2:09 AM

    just put a pass code on your profile??this is a feature thats always been there ;}

  • 25 Jul 2012 1:58 AM

    it would be nice if you could secure the servers so these sleeze balls can't boot people using cain and able and net tools, and track ip addresses.  its disturbing to look on youtube and see people accessing other peoples internet through your servers.  someone shows up on my doorstep who gets my information through xbl, i will hold microsoft as accountable as the person doing it.

  • 26 Jul 2012 5:53 PM

    Hopefully we can get a firm grip o security soon.

Page 1 of 2 (24 items) 12