Xbox LIVE Account Security

Additional Microsoft Account Security Steps

If you have followed the top five security steps including adding security proofs to your Microsoft account then follow these additional security steps to make sure your Microsoft account and computer are as secure as possible.

Use different usernames and passwords for
different sites

Use different usernames and passwords to different online sites, especially important sites which hold financial or personal information. If you use the same username and password everywhere, and it's stolen, you could lose access to all of your accounts.

Be careful using your Microsoft account in public places or on a shared computer

If you are checking your Hotmail account, signing into or using another service which requires you to use your Microsoft account on a public computer such as an Internet café, take caution in that these PCs may not offer the same protection as you do at home.

We recommend that if you are looking to use a public PC that you use a single use code instead of your password when signing in with your Microsoft account.

Find out more about how to set this up here.

An alternative is to use the IE 9 "In private browsing" feature. This enables you to surf the web without leaving a trail in Internet Explorer. Press Ctrl+Shift+P, or select "In private browsing" from the New Tab page to activate and a new browser window will pop open. One you have finished browsing, close the browser window and there will be no trail of your activities.

If this is not available to you and you do have to use your regular Microsoft account password, remember to sign out and close any browsers.

Avoid sharing personal information

Share your Microsoft account email address only with people you know and trust. Treat your personal information online the same way you would offline - follow the same rules as you do in the real world as you do online.

Never share any personal details about you or your account.

  1. Do not give your full name to strangers over the Internet or over Xbox LIVE. Keep your physical address private. Telling someone what school you go to or what neighborhood you live in can be enough to locate more information about you.
  2. Do not give out your primary Microsoft account as an email address to strangers. Set up a secondary email account at, which you can use for communication with unknown people, mailing lists, etc.
  3. Do not unnecessarily reveal information about yourself or your accounts. Be wary of anyone asking you for information that they do not need.
  4. Do not share your password or personal information with anyone contacting you who is presenting themselves as a customer support agent or affiliated with Xbox or Microsoft. This includes Xbox Community Ambassadors who you may contact through Ambassador Chat or the official Xbox support forums. If you are concerned that the contact might not be legitimate, contact Xbox Support. Microsoft and Xbox will never ask for your password in email, through instant messaging, or over the phone. Enter your Microsoft account password only at known Microsoft sites or through the Xbox console.

Enable online safety settings

Xbox LIVE offers a wide variety of online safety and privacy settings so that you can control your Xbox LIVE experience. The default online safety and privacy settings are divided into three age groups: child, teen, and adult. Xbox LIVE determines which default safety and privacy settings to use based on the birthdate that was entered when the Xbox LIVE account was created.

You can, however, customize the online safety and privacy settings to whatever is best for you and your family. Adults can change the default settings on their own account as well as on family member accounts.

Learn how to enable and find out what you can control.

For Xbox 360

For Xbox One

Check that you are on the correct site before entering your Microsoft account details

Is the website an official Microsoft site? Beware of websites which ask for your Microsoft account details, especially sites which offer deals that are too good to be true, such as free Microsoft Points. Before entering your Microsoft account details check the address bar in your browser to make sure it's the correct address and looks like below.

Don't click links in e-mails, go to the site directly
and log in

If you see a link in a suspicious email message, don't click on it. You can generally spot suspicious emails by:

  • Alarmist messages and threats of account closures.
  • Deals that sound too good to be true.
  • Bad grammar and misspellings.

Instead, type out the address in your web browser to see if you are going to the actual company's web site.

Require your Microsoft account password to sign into Xbox LIVE

If you have more than one Xbox 360 console or you want to play games at a friend's house, you can download your Xbox LIVE profile or gamertag to multiple consoles. For security purposes, we recommend you password protect your Xbox LIVE profile. If you don’t, anyone who has access to the console with your profile on it has the ability to purchase content.

Click here to find out how to enable this.

Check the website address before entering your Microsoft Account details

As with using a browser on your computer, use the same caution using Internet Explorer on your console. Be aware of websites which ask for your Microsoft account details, especially sites which offer deals that are too good to be true, such as free Microsoft Points. Before entering your account details check the address bar in your browser to make sure it's the correct address.

To view the address bar in Internet Explorer on your Xbox 360, press ‘B’ on your controller.

Hide your Microsoft Account being displayed on your Xbox 360 console

If you share your Xbox 360 console with people in your house, you can improve the security on your Microsoft account by disabling the Microsoft Account associated with your gamertag from being displayed in the dash. To do this

  1. Select the Guide
  2. Select System Settings
  3. Select Profile
  4. Select Account Security
  5. Select Display Microsoft Account
  6. Select Hide

Set an Xbox LIVE passcode or passkey on your account

Setting an Xbox LIVE passcode or passkey adds an additional layer of security on your account. If you set an Xbox LIVE passcode or passkey for your profile, anyone who wants to use that profile on your console must enter the passcode or passkey before signing in to Xbox LIVE.

For Xbox 360, click here to find out how to set it.

For Xbox One, click here to find about passkeys

Take caution with social network and cell phone apps

There are many apps on social networks sites and cell phones which can integrate with Xbox LIVE. The majority of these require you to enter your Microsoft account username and password. As we cannot determine what information these apps are sharing we encourage you to take caution. For example, check to see if there are reviews from other users or friends to see if they have reported any issues.