One of the most important things you can do these days is secure your online email accounts and identities. It is the Achilles heel of your life. It so happens that almost any online account you have can be compromised if someone gets access to your email account. They can reset your Facebook account, any eCommerce account, Amazon account etc.
So how can you ensure that you are protected? Google, Yahoo and Microsoft provide a number of tools to protect you. They come in the form of "proofs". A proof is like a secondary form of identification to ensure that yes, you really are who you are.
When you go and get a Passport, Driver's license etc you are usually required to show 2 forms of identification. This provides a higher level of proof proving who you are. Email accounts are gaining many similar capabilities, and these tools are there to protect you from the bad guys who are trying to steal your email account.
I am going to focus on what we've done in Windows Live to help protect your account. In my opinion the features below represent an industry leading set of tools to keep you in control of what is arguably one of your most important assets. I'm really proud of the breadth of tools here.
First lets start with the most basic forms of reset tools, 1) secret question & answer and 2) secondary email account.
Secret Question & Answer
There is nothing secret about these answers. This is a pretty much completely useless way to protect your account. They are the lowest common denominator for recovering your password should you forget it, but they are also incredibly easy for hackers to defeat.
My recommendation is to use completely garbage characters as your answers (and store these somewhere). This way someone can't social engineer their way into your account.
Microsoft Research published an great paper on the ineffectiveness of this tool.
This is another common way to gain access to your account if you forget your password. However, this is not much better than a Secret Question & Answer unless your secondary email account is sufficiently difficult to hack, phish or social engineer.
I happen to use my Microsoft email address as my secondary account because the security measures our IT department places on our email accounts and passwords is close to what a bank would have in place to protect your bank accounts. My password cannot be "reset" and the IT department enforces strict password policies and requires you to change your password frequently.
However, for people that don't have a work email account, the worst thing you can do is to set your secondary account to another webmail provider where you probably use the same password and secret questions & answers making it easy for a hacker to hack both your accounts.
An SMS proof is a way to add your mobile phone number as a way to secure your account. Certain tasks like resetting your password, adding a Trusted PC (more on that later) and notifications about important account changes can utilize your phone as a powerful tool to protect your account.
It's very difficult for an attacker to gain access to your phone, and even more difficult to spoof / social engineer access to your phone number. As a result this is a very cost effective and easy mechanism to protect your account.You all have a mobile phone so...
YOU SHOULD ALL DO THIS NOW
All the major services I know of allow you to protect your account with an SMS proof. Windows Live takes this one step further by allowing you to use Single Use Codes to temporarily gain access to your account from an untrustworthy environment (like a kiosk).
To add your SMS number to your Windows Live Account just go to http://account.live.com and complete the steps to add your Mobile Phone.
Trusted PC is a really neat way to protect and re-gain access to your account. You basically tell Windows Live to trust the computers that you use frequently, like your home PC, laptop, or Work PC. If your account were to get compromised you can easily re-gain access to your account just by logging in from your Trusted PC. This provides a near immediate and simple way to both protect and recover your account in the case of the bad guy hacking into your Live ID.
I highly recommend you add at least 2 trusted PCs to your account so that account recovery is a simple process in the unfortunate event you get hacked like I did a few years ago.
You can add a Trusted PC by installing Windows Live Essentials.
For more background on Trusted PC see this blog post by John Scarrow, the GM of Safety Services in Windows Live.
Resetting your password
Now when you need to reset your password you'll get the following choices:
And if you select any of these options you get a list of choices depending on the kinds of proofs you have.
Go protect your account now!