Confirming previous reports, over the next couple days Microsoft will roll out an upgrade to Microsoft account, including optional two-step verification to help keep your account more secure.
You will be able to enable two-step verification using an option that will show up in your account in the next few days. With this release you can choose to protect your entire account with two-step verification, regardless of what service (or device) you are using with your Microsoft account.
Two-step verification is when Microsoft will ask you for two pieces of information anytime you access your account ? for example, your password plus a code sent to a phone or email on file as security info.
Apple, PayPal, Google, Facebook and other vendors already have implemented two-factor authentication.
If you have a smartphone, you will be able to set up an authenticator app, which allows you to receive two-step verification codes even while offline. The next time you sign on, you?ll be prompted for a code. For Windows Phone, Microsoft released a Microsoft Authenticator app. The app supports a standard protocol for two-step verification codes and can be used with your Microsoft account and other systems that support two-step verification codes, like Google and Dropbox.
If you have an app or device that doesn?t directly support two-step verification (like your Xbox, or setting up email on your smartphone), you can still use two-step verification. For these devices, Microsoft help you set up an app password unique to each application or device.
The advantage of authenticator applications is that they use advanced cryptography to generate codes to access your account without the need to be online.
On devices you use regularly, you can select an option to not ask for security codes. But if you don?t use the device for 60 days, Microsoft prompt you for a code again for your security.
In case you know your password but lose access to your secondary security proof, Microsoft's customer support cannot update it for you. Your only option is to go through a recovery process that enforces a 30 day wait before you regain access to your account. And if you lose access to your password AND all your security info, you will not be able to regain access to your account.