Account Security for Xbox LIVE

Keeping your information safe

An Xbox LIVE account gives you access to Xbox LIVE games, game add-ons, avatars, and voice and text chat. If someone else gains access to your Xbox LIVE account, however, that person could compromise your privacy, make changes to your account and profile, or purchase items without your consent.

Here are a few guidelines that you can follow to help protect your Xbox LIVE account:

  1. Do not give your full name to strangers over the Internet or over Xbox LIVE. Do not put your full name in your Xbox LIVE profile.
  2. Keep your physical address private. Telling someone what school you go to or what neighborhood you live in can be enough to locate more information about you. Think of all the personal information that you have likely posted to social networking sites such as Facebook, MySpace, or Windows Live Spaces that someone could use to pose as you. Do not put your full physical address in your Xbox LIVE profile.
  3. Do not give out your Windows Live ID as an email address to strangers. Set up a second email account at www.hotmail.com.
  4. Receive notifications if someone tries to reset your password. Receive a text message or an email message if someone tries to reset your Windows Live ID password. On your account, add a mobile phone number that can receive SMS (short message service) messages, or set up a secondary email address. Go to http://accounts.live.com.
  5. Keep responses about your career brief or vague. In your Xbox LIVE profile, do not provide specifics about where you work or whom you work for.
  6. Do not unnecessarily reveal information about yourself or your accounts. Be wary of anyone asking you for information that they do not need.

 

What is unauthorized access?

Unauthorized access is the use of your Xbox LIVE account without your knowledge and consent. Unauthorized use includes the recovery of your Xbox LIVE account on a console that is not yours and logging into your account via Xbox.com.

Important
  • The unauthorized recovery of your account to another console can result in loss of your access to the service or other consequences that negatively affect your gaming experience.
  • The unauthorized use of your account can also result in unauthorized charges for purchases made using your account.

Ways your account can be stolen

  • Account sharing

Sharing your Windows Live ID password is one of the most common ways to have your account compromised and is easily preventable by you. Help ensure the safety of your account by keeping your password secret.

Do not share your Windows Live ID password with friends, family members, or anyone else, regardless of the reason, as doing so allows others to access your account.

 

  • Social engineering

Social engineering is the process someone uses, through seemingly meaningless conversation or other means, to manipulate you into revealing personal information about yourself or your accounts.

Once the person has enough information about you, they can pose as you and attempt to obtain access or make changes to your account. Do not reveal personal information about yourself or your accounts.

 

  • Phishing scams, emails, and websites

Phishing is an Internet scam designed to trick you into revealing information about your accounts. This information includes your login credentials, such as your Windows Live ID and password, and details about you or your accounts that can be used to gain access to your accounts. Phishing is a common method that thieves use to steal accounts.

Phishing methods include:

  • Email messages that appear to be from a coworker or friend with links to a website or asking for information about you or your account(s).
  • An instant message that appears to come from someone in your friends list with a link to a website
  • An email appearing to come from Xbox or Microsoft.
  • In-game messages claiming to be from Xbox Support.
  • A "spoof" website, pretending to be an Xbox LIVE website with a Windows Live ID login page.
  • Gamerscore-boosting websites.
  • Websites offering free points or achievements.

Regardless of the phishing method, the single most important thing to remember is: Do not reveal your login credentials or other information about yourself or your accounts.

Example: Free Microsoft Points!

You receive an email that appears to be from Xbox, offering 5,000 free Microsoft Points to the first 100 people who go to a website linked in the email. When you click the link, you are sent to a website that appears to be affiliated with Xbox which prompts you for your Windows Live ID and password. Once you enter your information and sign in, you are sent to a confirmation page. Later, however, when you go to Xbox LIVE Marketplace and attempt to redeem your 5,000 points, you did not receive them. You have just been "phished."

What does this mean?

The email and the website were not from Xbox. Whoever is monitoring that website now has your Windows Live ID and password, and can use this information to compromise your account.

What can you do?

  1. If you still have access to your account, immediately change your Windows Live ID password.
  2. Change your secret question and secret answer for your account.
  3. Change your alternate email address associated with your Windows Live ID.

For information on how to perform these actions online from a computer, please go to Windows Live Sign-in Help Center.

For information on how to perform these actions on your console, go to Manage your Windows LIVE ID .

For more information on different types of phishing scams and on what you can do to protect yourself, go to Microsoft Online Safety: Fraud prevention.

 

Keeping your Windows Live ID secure

Here are a few guidelines that you can follow to help keep your Windows Live ID more secure:

Important Microsoft and Xbox will never ask you for your Windows Live ID password in email, through instant messaging, or over the phone. Enter your Windows Live ID password only at known Microsoft sites or through the Xbox console.
  1. Create a strong password that includes a combination of uppercase and lowercase letters, numbers, and special characters (for example, #, $, %, ^, &, and *).
  2. Change your password and secret question and secret answer routinely. When resetting your password, you can choose to make your password expire every 72 days.
  3. Never share your Windows Live ID password with others.
  4. Share your Windows Live ID only with people you know personally, such as friends and business contacts, with whom you wish to use Windows Live Messenger.
  5. Use a secret question with a secret answer that only you know.
  6. Do not provide your Windows Live ID to unknown websites, businesses, or message boards.
  7. Do not share your password or personal information with anyone contacting you who is presenting themselves as a customer support agent or affiliated with Xbox or Microsoft. If you are concerned that the contact might not be legitimate, contact Xbox Support directly.

For more information on keeping your Windows Live ID secure, go to Microsoft Online Safety: Help protect your Windows Live ID.


What can I do if my account has been compromised or stolen?
If your Xbox LIVE account has been compromised and you no longer have access to your account, contact Xbox Support immediately


 

Account Security Support page

 

Question Info


Last updated July 5, 2018 Views 18 Applies to:

This belongs in the Think Something's Missing? thread. Also, it should be more conversational and less bulleted lists, like the post describes. Please see our stickies for reference. Thanks!

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.