“It’s a new world” out there in terms of digital identity and security, Microsoft said Monday. And, this world is far more dangerous than it used to be.
In order to mitigate e-mail infiltration by hackers and wrongdoers, Microsoft has announced that it’s tossing linked accounts for its Outlook.com service and instead will be using aliases.
“There are a number of people who have more than one email address and want to manage these multiple email addresses from Outlook.com,” Microsoft account group program manager Eric Doerr wrote in a blog post Monday. “Over the next couple months, we will stop supporting linked accounts and instead help people move to a more robust and secure way of managing multiple email addresses: aliases.”
The way that aliases are different from linked accounts is that all aliases will be tied to a single Microsoft account that has users’ most up-to-date security information — rather than each account having its own password. Users will still be able to send and receive e-mail from different addresses.
Outlook.com has long welcomed users who send e-mails from other accounts, such as Gmail, Yahoo Mail, Comcast, etc. In fact, in May Microsoft even introduced a way for users to send e-mails from other accounts and hide the originating Outlook.com account.
While Microsoft still welcomes users who have other e-mail services, it believes there needs to be better security controls. Here’s more from Doerr’s blog post:
We’ve increasingly found that linked accounts are less robust, and less secure than using aliases. With linked accounts, you can sign in to Outlook.com on the web and then switch to any other linked account without entering a password. It’s a handy feature.Unfortunately, this same feature benefits the bad guys, too. We’ve found that quite often, people who use linked accounts keep their primary account’s security info (including password and proofs) up to date, but don’t lavish as much care on their secondary accounts. It’s easier for a malicious party to compromise one of those secondary accounts, which gives them full access to your primary account. Note that if we detect suspicious activity in your account, we automatically unlink accounts to try to help prevent this abuse, but we think we need to go further.
Besides dropping the linked accounts for aliases to enhance security, Microsoft also introduced two-factor authentication for passwords in April. The extra verification process is aimed at reducing the likelihood of online identity theft, phishing, and other scams because the victim’s password would no longer be enough to give a thief access to account information.
In the next couple of days, Microsoft will be sending out e-mails to all Outlook.com users with linked accounts informing them about the change and what they need to do get set up with aliases.