
You can get a Microsoft account for free, but that price doesn't begin to describe its value, especially if you use the account for crucial email and cloud storage. Follow these seven steps to establish a solid baseline of security and protect that account from intruders.

What's your most valuable online account, the one most deserving of protection? If you use a Microsoft account to sign in to a Windows PC, that account and its associated email address should be the one you guard most jealously. That's especially true if you use that Microsoft account for OneDrive storage and Office 365 documents. In this post, I list seven steps you can take to lock that account down so it's safe from online attacks. As always, there's a balancing act between convenience and security, so I've divided the steps into three groups, based on how tightly you want to lock down your Microsoft account.

(It's worth noting that this article is about consumer Microsoft accounts used with Home and Personal editions of Office 365, Microsoft 365, and OneDrive. Security settings for business and enterprise Microsoft 365 accounts are managed by domain administrators through Azure Active Directory, using a completely different set of tools.)

Baseline security is sufficient for most ordinary PC users, especially those who don't use their Microsoft email address as a primary factor for signing in to other sites. If you're helping a friend or relative who's technically unsophisticated and intimidated by passwords, this is a good option. At a minimum, you should create a strong password for your Microsoft account, one that's not used by any other account. In addition, you should turn on two-step verification (Microsoft's term for multi-factor authentication) to limit the damage from phishing and other forms of password theft: a stolen password alone is no longer enough to sign in.
When that feature is enabled, you have to supply additional proof of your identity when you sign in for the first time on a new device or when you perform a high-risk activity, such as paying for an online purchase. The additional verification typically consists of a code sent as an SMS text message to a trusted phone or in an email message to a registered alternate account.

Baseline precautions are adequate, but you can tighten security significantly with a couple of extra steps. First, install the Microsoft Authenticator app on your iPhone or Android device and set it up as a sign-in and verification option. Then remove the option for using SMS text messages to verify your identity. With that configuration, you can still use your mobile phone as an authentication factor, but a would-be attacker can't intercept text messages or hijack your phone number through a SIM swap to receive your codes, because the app's approvals and codes are generated on the device itself.

For the most extreme security, add at least one physical hardware security key (a FIDO2 key) alongside the Microsoft Authenticator app and, optionally, remove email addresses as a backup verification factor. That configuration places significant roadblocks in the way of even the most determined attacker. It requires an extra investment in hardware and it definitely adds some friction to the sign-in process, but it's by far the most effective way to secure your Microsoft account.

You need a strong, unique password for your Microsoft account. The best way to ensure that you've nailed this requirement is to use your password manager's tools to generate a brand-new random password. Generating a new password ensures that your account credential is not shared with any other account; it also guarantees that an older password you might have inadvertently reused isn't already circulating in a password breach.

The next step is to save a recovery code. If you're ever unable to sign in to your account because you've forgotten the password or lost access to your verification methods, having this code will save you from being permanently locked out.
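The two properties the password step above asks for, randomness and uniqueness, plus the breach check that good password managers run, as an added example that is not code from the original article or from Microsoft. It uses the OS random source for generation, compares against the passwords already in your vault, and shows the k-anonymity range lookup that Have I Been Pwned's Pwned Passwords API uses (only the first five hex characters of the SHA-1 hash ever leave the machine). The vault contents and the API response are constructed inline so it runs offline; the response format (`<35-char suffix>:<count>` per line) is the real one, but the data is made up.

```python
"""Generate a strong, unique password and vet it the way a password manager does.
Added illustration; the vault and the breach-API response below are constructed."""
import hashlib
import math
import secrets
import string

# Letters, digits and punctuation: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw each character from the OS CSPRNG (secrets), never from random.choice."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Entropy of a uniformly random string: n symbols from k choices gives n*log2(k) bits.
    This is an upper bound that only holds for generated passwords; a human-chosen
    password of the same length has far less."""
    return length * math.log2(len(alphabet))


def is_unique(candidate: str, vault_passwords) -> bool:
    """Unique means not reused for any other account already in the vault."""
    return candidate not in set(vault_passwords)


def hibp_split(password: str):
    """k-anonymity split used by the Pwned Passwords range API:
    uppercase SHA-1 hex, first 5 chars are sent, the remaining 35 stay local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, range_response: str) -> int:
    """Match the local suffix against the lines returned for our 5-char prefix.
    Returns how many times the password appeared in known breaches (0 if none)."""
    _, suffix = hibp_split(password)
    for line in range_response.splitlines():
        line = line.strip()
        if not line:
            continue
        found_suffix, _, count = line.partition(":")
        if found_suffix == suffix:
            return int(count)
    return 0


def vet_password(candidate: str, vault_passwords, range_response: str,
                 min_bits: float = 80.0) -> dict:
    """The checks to run before accepting a new credential for the account."""
    bits = entropy_bits(len(candidate))
    return {
        "unique": is_unique(candidate, vault_passwords),
        "breached": breach_count(candidate, range_response) > 0,
        "entropy_bits": round(bits, 1),
        "strong_enough": bits >= min_bits,
    }


# Constructed sample data: a vault with one reused password, and a fake range
# response built so that the reused password is "found" 1234 times.
REUSED = "Summer2019!"
SAMPLE_VAULT = [REUSED, "hunter2"]
_, _reused_suffix = hibp_split(REUSED)
SAMPLE_RANGE_RESPONSE = (
    f"{_reused_suffix}:1234\n"
    "0018A45C4D1DEF81644B54AB7F969B88D65:5\n"   # made-up filler line
)

if __name__ == "__main__":
    print("reused password:", vet_password(REUSED, SAMPLE_VAULT, SAMPLE_RANGE_RESPONSE))
    fresh = generate_password()
    print("generated password:", vet_password(fresh, SAMPLE_VAULT, SAMPLE_RANGE_RESPONSE))
```

A 20-character password from this alphabet carries about 131 bits of entropy, well beyond any brute-force budget; the length is the knob, not the symbol set. Against the real API you would send only `hibp_split(password)[0]` over HTTPS and feed the response body to `breach_count`.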
On the Microsoft Account Security Basics page, find the Advanced Security Options section and click Get Started. That takes you to the not-so-basic Microsoft Account Security page, where you can generate the recovery code. Store it somewhere you can reach without signing in to this account, such as a printed copy or your password manager.

Don't leave the Microsoft Account Security page just yet. Instead, scroll up to the Two-Step Verification section and make sure this option is turned on. The setup process is a fairly straightforward wizard that confirms you are able to receive verification messages. If you're using a modern smartphone with an up-to-date version of iOS or Android, you can safely ignore the prompts to create an app password for the mail client on those phones; app passwords are only needed for older clients that can't handle the second verification step.

Microsoft recommends that you have at least two forms of verification available in addition to your password. If you need to reset your password when two-step verification is enabled, you'll need to supply both of those forms of identification or you risk being permanently locked out. A free email address, such as a Gmail account, is acceptable if your security needs are minimal, but a business email address is a much better choice: an attacker who can take over the backup mailbox can use it to take over your Microsoft account, so that mailbox needs protection at least as strong as the account it backs up. If necessary, you can have a verification code sent to that address.

More complete details can be found on OUR FORUM.