Why you should set up two factor authentication on your Xbox One (and Microsoft Account in general)


Steve

Enabling 2 factor authentication (2FA) makes it FAR less likely that your gamertag/Microsoft Account will be compromised. Without it enabled, if someone gets hold of your username and password, they can take over your account, change the security details, use it to make purchases if you have a payment method attached to your account, etc., and it can be a long, drawn-out process to get your account back, along with any lost funds. Microsoft has a team that deals with this, but it can take weeks to investigate, leaving you locked out during the process. That's why you should try and secure your account to the best of your ability, including enabling 2FA.

 

What does 2FA do?

 

2FA works by using 2 of the following: -

 

1. Something you know (e.g. a username and password)

2. Something you have (e.g. a bank card or your smartphone)

3. Something you are (e.g. your fingerprint or iris)

 

In this case, it uses 1 and 2. You turn 2FA on and install an authenticator app on your phone and run through some steps to set it up, then when you go to log into your Xbox One for the first time after turning 2FA on, you'll get a notification on your phone asking you to approve the login, so you tap on "Approve" or "Deny".

 

Isn't it a pain in the arse, having to approve the login every time I turn my console on?

 

Nope, because you only have to approve it once. Microsoft use a system called "Trusted Devices". The first time you log into your Xbox One after enabling 2FA, you'll be asked to approve or deny the login on your phone. If you approve it, that Xbox One then becomes a trusted device and you do not have to approve the login again.

 

Likewise, if you log into any website with your Microsoft account, for example, the Xbox.com website, as you now have 2FA turned on, you'll need to approve the login via your phone, but if you're doing this from a Windows PC and you use either IE or Edge, you can check a box to say that you trust that particular PC and not to ask you to authenticate again in the future.

 

But what if I use Chrome, Firefox or another non-MS browser to access MS sites?

 

You'd have to authenticate the login any time you logged into a site that uses your MS account. What I do is just use Edge for those handful of websites and Firefox for everything else. Given the security benefits, it's a small price to pay, especially as I'm not visiting MS sites all that often.

 

How does this protect me?

 

So let's say that you've enabled 2FA and logged into your Xbox and authenticated the login. You're all set up. Someone then gets hold of your login details and attempts to sign into a different Xbox One using them. Because that Xbox isn't a trusted device yet, they will need to authenticate the login, which can only be done from your phone. That leaves them locked out.

 

Likewise, if you've signed into an MS website on your PC with IE or Edge and checked the box so you're not asked to authenticate again, if someone tries to log into your account on a different PC, as that's not a trusted PC, the person would be unable to log in without having access to your phone.

 

How do I turn 2FA on?

 

You can turn it on HERE.

 

You can also clear your list of trusted devices via the same page if you ever want/need to.

 

While you're on that page, it's a good idea to change your password if you haven't done it in a while, and choose a unique password that has a decent level of complexity. Also, double-check your security info and enable alerts so that if there's any suspicious activity on your account, MS will email or text you.

 

How can I check for suspicious activity on my account?

 

You can do that HERE. That page will show you all of the recent login attempts on your account, the locations of where they took place, and whether they were successful or not.


Good info. I just realized that I don't keep any payment info stored on my PSN or Microsoft accounts. I've only made a few purchases on the networks and I never store my card info. I'm like that with most things really. Yeah, it's a pain in the ass to keep re-typing that card in but it may be beneficial in the long run.
