Securing your Xbox Live Account

After the recent Xbox Live Account Hackings, you may be growing slightly more concerned with the way these accounts are being done. Microsoft has stayed steadfast that “social engineering” is the root cause, but let’s go over a few things you can do to harden your security against your account being compromised.

To do this write up, I wanted to walk myself through some of these processes. If I were trying to get in to an account, I would most likely start with trying to reset the password. I came accross a fun tidbt when doing my research for this post: when I went to reset my password, I had the option to email myself a password reset link. Pretty standard stuff. When I chose that option, it said it would send the password reset to TWO email addresses – the first being my current Live ID, and the second being an address that I had first used to create my gamertag, and actually have only rarely logged in to over the last couple of years.

I searched my account settings on Xbox Live, Hotmail, and Live.com and couldn’t find where this account was associated with my current LiveID. I went so far as to call Xbox Support (1-800-4My-Xbox), who suggested just shutting down the other Live ID / Hotmail address. No thank you, I didn’t want to delete NuAngel@hotmail.com – an account I had first registered with Hotmail on February 8th, 1999! When I worked with support, I was also told, while on hold, I might need to know the answer to my secret question. I don’t remembr setting up a secret question! If my old, forgotten email address had been compromised, and someone sent a password reset to that address, I would be out of luck. If I had to then call Xbox Live Support and answer my security question, what would it be, and would I know the answer!? I knew this could be chaos. I know that there are literally millions of others like me out there, and this write up is for all of you!

You set up your Xbox Live account 2, 3, 5, 7 years ago – and haven’t changed much since? Well then it’s time to make sure that, whatever happens to your account, you know you can at least get it back. Most of the work is going to be done from one website, http://account.live.com – open your browser to that page, now.

Once you’re on http://account.live.com, you may notice what I noticed. Email addresses on the bottom and Linked ID’s – neither of these was showing the OTHER email address that my password reset would go to.

Your personal information is at the top of the page, and the large block of links draws your eyes to the bottom. The middle looks like it’s just trying to get you to sign up for “Hotmail Plus.” If you scan over the page, like I did (about a hundred times), you’ll miss the two links which I have highlighted in red for you in the picture above. Two small links. Reset Password (I think we know what that does), and a link that says “Manage” after a small title that says “Security Info.” If you want to reset your password (perhaps for the first time in five years?), that might be a good idea. But once you click the manage button, that’s where all of the magic happens.

From that page you can ensure your account is locked down with all of the information you have for acquiring support or resetting your account. First, you’ll notice an option to Add a Mobile Phone. I, personally, haven’t done this. I haven’t read all of the legalese, but I don’t like the prospect of getting any spam text messages. However, in the event you forget or need to reset your password, you can have them send you a text message with a code in it that will get you in to your account.

The next option is Alternate Email Addresses. Contrary to Crystal at Xbox Support’s statements, when you do a password reset you cannot choose which email address the reset email goes to. It will go to ALL of the email addresses listed in this section. Make absolutely certain that these are addresses that you actively still use and have access to. Update it with new addresses for redundancy and security, and remove old expired accounts.

Third, we have the Trusted PC feature. While I have never used it, this sounds like an amazing new development in system security. I don’t know precisely how it works, and perhaps if you’re the kind of person who reformats your computer every two months, this may not be the option for you. I’m not precisely certain how it works, if a person can just name their machine the same as yours and it will work, or if the SID must match or some other technical requirements exist, Microsoft is fairly vague on it – but if you have a system that you mostly leave alone (say, a laptop that doesn’t get wiped out as often as your main gaming rig), then you might want to look in to using Microsoft’s Trusted PC feature.

Finally, the security question. This is the question that Microsoft employees may have to ask you in order to work with you when you call support. It doesn’t appear to be used during the password reset process at any point, and may never come in to play for you – but you should know what it is. What is handy on this screen is the simple fact that you don’t need to know the answer to change it. You’re already logged in to your account, even if you THINK you know what the answer to your question is, you can clear it and set it to that – because who knows how your mind and memories have changed since you first registered for Xbox Live.

So there you have it. It’s not as exhaustive as I first thought – it’s really all simple to manage from ONE page. Finding that page and not glazing right over it was the hard part! Update your question, make sure you still have access to email addresses, update your SMS phone number, create a Trusted PC, if you want. Just do everything you possibly can to protect yourself – because, until more solid news comes from Microsoft, we’re all juicy targets for some nasty folks out there, just like Susan Taylor was.

Store your 360's saved games in the cloud

Time for our Xbox Tip of the Week! This one is pretty straight forward. With the recent release of the dashboard update for the Xbox 360, Gold subscribers have access to Cloud Storage. The benefit? You can save your game, go to a friend’s house, and load your progress there! No need to remember to bring a Memory Unit, or even a flash drive! It’s a handy little feature, and it seems that many games will natively support it by treating it just like another storage option – but if your game is already saved on your hard drive, how do you move it to the cloud?

Well, you can read all of the details on Xbox.com’s support article, but basically you just need to go to the Settings page, then select Storage, select the hard drive, choose Games, find the game in question, then select on the save game file. The next screen should have a MOVE option – move it up to the Cloud Storage option, and you’re set! Then when you log in on another console, your save game will be available to you. No games lost!

I need to do a little home work and find out if this feature is available for Games for Windows Live – where you’re more likely to format your hard drive and lose your data (and if not, when?).

Transferring your Xbox 360 data

It’s Sunday. If I were doing my blogging as I should’ve been, then you would already know it’s time for the Xbox Tip of the Week! Too bad I haven’t been. Still, with the holidays recently passed, whether your received a new console as a gift, or (like me) you couldn’t resist a Black Friday deal, you may need to do some migrating of data. So why not learn how easy it is to use a Data Transfer Kit.

Just a year or two ago, these kits had to be ordered directly from Microsoft, and included a special disc to be inserted to your new console to begin the data transfer. Black Market vendors promised a good deal on eBay, but they never sent you a genuine data transfer cable or the correct disc. But now? It’s simple! The cable can be picked up in any major retail store and the software is built right in to the dashboard.

The steps are very straight forward, and a complete guide from Microsoft is available on Xbox.com, but it’s as simple as removing the old drive from the old console, snapping it to the data transfer cable, then plugging it in to the USB port on the new console. Then, when you power on the new console, you will be prompted on which direction you wish to transfer the data: select “Yes, Transfer TO CONSOLE” and the process begins. It is essentially “cut and paste.” If everything succeeds, the old drive will be wiped back to what is essentially a factory default state.

Good luck, and enjoy the fresh new console!

Change your Xbox on screen keyboard to QWERTY

If you don’t have a chatpad for your Xbox 360 becaue you don’t send enough messages, but you have a hard time finding your way around the Xbox 360’s on screen ABCD keyboard, this one’s for you.

credit: support.xbox.com

It’s quick, and easy:

  • From the Dashboard roller, select My Xbox. Then navigate all the way to the right and select System Settings.
  • Select Console Settings.
  • Select Language and Locale.
  • You’ll notice on the right hand side English is already selected. But let’s keep going. Select Language.
  • Here you can select Eglish (QWERTY).

Now, when sending messages to friends or Redeeming codes, you’ll be greated with a more familiar standard US Keyboard layout!