Xbox LIVE General Manager Alex Garden posted today on Microsoft’s Xbox blog about the current state of Xbox LIVE security, covering both improvements to the service and good practices Xbox LIVE users can follow to protect themselves.
Microsoft has taken legal action to remove collections of gamertags, usernames, and passwords that it said had been gathered through malware and phishing schemes. Garden also writes that Microsoft is trying to make the activity less appealing by taking measures such as banning the consoles of both buyers and sellers of the stolen accounts.
On the technology side, Xbox LIVE has more security enhancements coming in the “near future” that started with what Garden calls behind-the-scenes improvements in the spring update to the service. Microsoft is also using its improved “proofs” feature to send codes to the phone numbers and e-mail addresses users have listed in the security sections of their profiles when someone tries to make a change to the account from a device other than an authorized one. Two-factor authentication goes a long way to keep users safe and is becoming more and more common. Blizzard’s authenticator devices and Google’s two-factor options are becoming popular as well.
Garden also goes into some things users can do to protect themselves. Even after the Sony debacle last year, the Gawker sites’ security leak, and so many others, apparently users are still using “12345” and “password” as their passwords. Garden says these are still the most common passwords on the service. He also links to Microsoft’s security management pages, where users can add the aforementioned phone numbers, secondary e-mail addresses, and authorized devices.
With all the high-profile security leaks in the last few years, hopefully Microsoft is being proactive enough in protecting users, with the changes past and future, from a repeat of Sony’s failure.
[via Xbox Blog]