Microsoft introduced two-step verification security for its range of accounts back in April, and the company is extending its functionality this week. Over the next couple of days Microsoft accounts will be updated to include recovery codes, security notification control, and a new recent history view. Like many other online accounts, recovery codes will act as a method to retrieve an account if a phone number or email address is no longer accessible using two-step verification. Microsoft’s two-step verification process requires two pieces of security information, like an email address and phone number, to send codes to, and the company is introducing additional ways to control how those are delivered.
Currently, if you know someone’s email address you can initiate a password-reset request that sends an SMS code or will call the individual if they have added their phone to their Microsoft account. “We’ve also heard feedback that some of you would like to have more control over how you receive security notifications,” admits Microsoft’s Eric Doerr. Microsoft appears to be addressing abuse of this particular process by allowing account owners to choose where password reset notifications are delivered. Alongside these improvements there’s also a new recent activity view that lists sign-ins and other account activity so it’s easier to see if someone malicious is using your password to access your account.