Protect your Live ID now

One of the most important things you can do these days is secure your online email accounts and identities. Your email account is the Achilles heel of your life: almost any online account you have can be compromised if someone gets access to it. An attacker can reset your Facebook account, any eCommerce account, your Amazon account, etc.

So how can you ensure that you are protected? Google, Yahoo and Microsoft provide a number of tools to protect you. They come in the form of "proofs". A proof is like a secondary form of identification to ensure that yes, you really are who you are.

When you go and get a passport, driver's license, etc., you are usually required to show 2 forms of identification. This provides a higher level of proof of who you are. Email accounts are gaining many similar capabilities, and these tools are there to protect you from the bad guys who are trying to steal your email account.

I am going to focus on what we've done in Windows Live to help protect your account. In my opinion the features below represent an industry leading set of tools to keep you in control of what is arguably one of your most important assets. I'm really proud of the breadth of tools here.

First, let's start with the most basic forms of reset tools: 1) secret question & answer and 2) secondary email account.

Secret Question & Answer

There is nothing secret about these answers. This is a pretty much completely useless way to protect your account. They are the lowest common denominator for recovering your password should you forget it, but they are also incredibly easy for hackers to defeat. 

My recommendation is to use completely garbage characters as your answers (and store these somewhere). This way someone can't social engineer their way into your account.
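One way to follow this recommendation, as an added example that is not from the original post: generate an independent random answer for each question and keep the record in a file only you can read. The site name, questions, and file name are constructed, and the file stands in for whatever store you use (a password manager is the usual choice).

```python
import json
import os
import secrets
import string
import tempfile

# Letters and digits only: many recovery forms reject or mangle punctuation.
ALPHABET = string.ascii_letters + string.digits


def random_answer(length=24):
    """Return an unguessable answer drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def make_answers(site, questions, length=24):
    """Build one independent random answer per question for one site."""
    return {"site": site,
            "answers": {q: random_answer(length) for q in questions}}


def save_answers(record, path):
    """Write the record to a file that is owner-only from the moment it exists."""
    # O_EXCL refuses to overwrite an existing record; mode 0o600 is applied at
    # creation, so the file is never briefly readable by other users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(record, fh, indent=2)


def load_answers(path):
    """Read a saved record back when a provider asks for an answer."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Constructed sample questions; use the ones your provider offers.
    questions = ["Mother's birthplace", "First pet's name"]
    record = make_answers("example-webmail", questions)
    path = os.path.join(tempfile.mkdtemp(), "recovery-answers.json")
    save_answers(record, path)
    print(load_answers(path))
```

Generate a fresh record per site so that one provider's leaked answers are useless at another.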

Microsoft Research published a great paper on the ineffectiveness of this tool.

Secondary Account

This is another common way to gain access to your account if you forget your password. However, this is not much better than a Secret Question & Answer unless your secondary email account is sufficiently difficult to hack, phish or social engineer.

I happen to use my Microsoft email address as my secondary account because the security measures our IT department places on our email accounts and passwords are close to what a bank would have in place to protect your bank accounts. My password cannot be "reset" and the IT department enforces strict password policies and requires you to change your password frequently.

However, for people that don't have a work email account, the worst thing you can do is to set your secondary account to another webmail provider where you probably use the same password and secret questions & answers, making it easy for a hacker to hack both your accounts.

SMS Proof

An SMS proof is a way to add your mobile phone number as a way to secure your account. Certain tasks like resetting your password, adding a Trusted PC (more on that later) and notifications about important account changes can utilize your phone as a powerful tool to protect your account.

It's very difficult for an attacker to gain access to your phone, and even more difficult to spoof / social engineer access to your phone number. As a result this is a very cost-effective and easy mechanism to protect your account. You all have a mobile phone so...

YOU SHOULD ALL DO THIS NOW

All the major services I know of allow you to protect your account with an SMS proof. Windows Live takes this one step further by allowing you to use Single Use Codes to temporarily gain access to your account from an untrustworthy environment (like a kiosk).

To add your SMS number to your Windows Live Account just go to http://account.live.com and complete the steps to add your Mobile Phone.

Trusted PC

Trusted PC is a really neat way to protect and re-gain access to your account. You basically tell Windows Live to trust the computers that you use frequently, like your home PC, laptop, or Work PC. If your account were to get compromised you can easily re-gain access to your account just by logging in from your Trusted PC. This provides a near immediate and simple way to both protect and recover your account in the case of the bad guy hacking into your Live ID.

I highly recommend you add at least 2 trusted PCs to your account so that account recovery is a simple process in the unfortunate event you get hacked like I did a few years ago.

You can add a Trusted PC by installing Windows Live Essentials.

For more background on Trusted PC see this blog post by John Scarrow, the GM of Safety Services in Windows Live.

Resetting your password

Now when you need to reset your password you'll get the following choices:

[Image: Reset]

And if you select any of these options you get a list of choices depending on the kinds of proofs you have.

[Image: Trusted]

Go protect your account now!

Apple TV is still a hobby

A few days ago I received my Apple TV. The box was comically small, and the contents smaller. However, that's where the fun ended.

The Apple TV is still a hobby for Apple. For $99 I wasn't too worried about it being a dud, for it does have one useful feature: Netflix streaming. However, this is by no means the best Netflix streaming experience. That belongs to Xbox and Windows 7 Media Center.

There are a few things that surprised me about the Apple TV, especially compared to the previous version which I also own.
  1. It only supports 720p. I have no idea why.
  2. You cannot download / watch movies that aren't available for rental. In order to do this you need to have iTunes running on a PC in the home, turned on with the content you want to watch.
  3. It's got an IR remote.
  4. Can't use AirPlay yet.

#1 is just weird when the previous Apple TV supported 1080p.

#2 is what makes the device rather silly. Apple doesn't have much rental TV content. But the fact that I have to use a PC, or iPod and purchase gigabytes of crap just to watch a TV episode once?

When will Apple make a device that doesn't require iTunes for something critical? Cut the cord already.

#3 is also weird. I mean, the thing is so small my plan was to velcro it to the back of the TV. But no RF remote? And no support for HDMI-CEC?

#4 is a bit unexpected since a bunch of early adopters got this device and can't use one of the touted features. Perhaps this will make the Apple TV more useful, but I find it curious that Apple is not touting AirPlay as "open" or using DLNA which is basically the same thing, except with broad industry support. I wonder if AirPlay is Apple's attempt to hoist their dock connector control on the ecosystem to lock out other folks who don't license from them.

I look forward to getting my Boxee box and comparing it to the Apple TV. But for now, I don't expect to use this much.