Microsoft One Drive is a cloud storage drive where you can keep files without having to worry where your flash drive is. It should be protected just like any other online account that you have. By following the steps I have outlined, you will do as much as you can to keep others from trying to get into your account. If you have a Skype account and have enabled Two Factor Authentication there, you are already ready to go. The instructions are listed here with minor changes so that those who don’t use Skype but use One Drive will be able to setup this same level of protection.
1. Use a Strong Password
For those that aren’t familiar with this term, a Strong Password is one that contains (where permitted by the website or service) a combination lower case letters, uppercase letters, numbers, punctuation or other special characters to make up a password. The longer the password is, the long it will take for someone to guess or hack your password. This is an area where I am probably as guilty as everyone else is on this. I have a “favorite” password or two that I liked to use in the past. This kept me from having to have a way to keep track of all the passwords that I used on different websites. With more websites adding additional layers of security such as challenge questions, etc., I have had to start using a password manager app to help keep track of the different passwords, the challenge questions and answers used on a particular website, the recovery procedure if I am locked out of a website, what additional login procedures I have used for that site, etc.
I use a password manager app called mSecure. It is a multi platform (i.e. Windows, Mac, Android, iPhone, etc) app so that you have close to the same interface regardless of how you are using it. It also has several different ways to synchronize the password database so that you should also have the same version of the login information on each of your devices that you use it on. There are a variety of apps to choose from in this area, so look for the one that best works for you.
2. Use a Unique Password
This one will be a bit of a pain but the time taken to do this will pay off in the long run. Look at it this way, if one of your logins on a particular site is compromised or hacked, you have taken a step to minimize the potential for additional website logins to be breached as well. Most password manager apps have the functionality of helping you generate a unique password. There are other apps that do this as well. A search of the app store for your phone or the internet for you laptop/desktop should show you some options to look at.
Different websites have different rules for how you can make your password strong. Some will let you use “special” characters such as * or +, others wont let you use those characters but will make sure that you dont use a password that can be looked up as a dictionary word. Some will not allow the same character or number to be used repeatedly. Remember, the more uniqueness you can have in a password makes it that much more difficult for someone to hack your account.
3. Microsoft Live
If you don’t already have a Microsoft Live account, you will need to set on up so that you will be able to use Two Factor Authentication. From the work I have done with setting up my MS Live account, you will need to wait about 10 to 15 minutes on average after you make a change before you will see any changes.
Which Two Factor Client to use?
There are several choices to work with for Two Factor Authentication. You can use the MS client. So far, I have only found a client that will install on the Android Operating System. No indication of when a version will be available for the Apple IOS. The Microsoft client pushes out the code that you should see on your Skype client screen. If the codes match, then you can click Approve and you will be in the Skype client momentarily. I have only seen support for the MS software token being used on Microsoft owned properties. Maybe that will change in time but haven’t seen anything to indicate a future direction.
If you are only using an Android device, Microsoft has an option that they have released. At this point it is available only on Android. If you select Android, you will be directed to the Google Playstore to download their app.
You have choice of use of 3 different software Two Factor Authentication – Google Authenticator, Authy and SAASPASS. They all do the same basic function in providing you a rotating set of 6 digits to enter when prompted by the application they have been configured for. Authy is a little different in that it synchronizes what you have it configured for so that it backs up for restoring later when needed. I recently became aware of SAASPASS and it has a few other features that set it apart from the competition. It offers a variety of features not found in the other two factor clients I have worked with. One nice feature is that SAASPASS puts an icon to the left of the rotating digits that each particular entry has been configured for.
4. Configuring your account for two factor use
You start the process by going to https://onedrive.live.com. Login to the account using your username and password. Click on Security & Privacy. Under Account Security, click on More Security Settings. Scroll down the page and look for Two-step verification. It should say Set up two-step verification. Click on that link. At the Set up two-step screen, review the information there and then click on Next to proceed. Since I don’t sync my phone with Outlook.com, I clicked on Next to proceed. The next screen you see will show the apps and devices that will need an app password since they won’t be able to use a two factor client. Make note if any of these apply so you can followup afterwards. Click on the Finish button.
Using the Microsoft Two Factor Client
Your account is now setup for two step verification. The next thing you will need to do is to select and setup the two factor client to use. Scroll down the screen and look for “Identity Verification Apps”. Click on the link “Set up identity verification app”. To use the Microsoft two factor client, click on Android (only if you are using an Android phone) and click Next. Once you have downloaded the Microsoft App from the Google Playstore, you will need to setup the account on your smartphone. Just follow the prompts and you should be finished setting up in a few minutes.
Using Google, Authy or SAASPASS two factor clients
At the setup identity screen, select Other as the client type. You will be shown a QR code. Take a screen capture of this and put it in a safe place like an Evernote folder for later use if you have to re-setup your two factor client without having to do a complete re-enroll process. The process, regardless of the two factor client you are using, will be fairly similar. Once you have things setup, you are pretty much ready to go.
Regardless of which two factor client you have elected to use, it will take a few minutes before Skype will be aware of your two factor configuration change. There are a couple of suggestions I would like for you to consider. The first is to enter your cell phone number a as a backup contact method. If for some reason, you can’t get the authenticator app to work or the code isn’t being accepted for some reason, you can have a text message sent to your phone as a backup authentication step. The other is that while you can have multiple authentication clients configured, don’t try that right away. As tempting as it may be, get used to using a single authentication app for this login before you try to get fancy.
For other posts in this series, please use this link – http://www.ronnutter.com/category/social-media/
If you would like to be notified when my book “Protecting Your Online Presence”, please click on the title and you will get an email as soon as the book is released for publication. Thanks for your interest !!.