
Developer account security

We use security proofs to raise the security level of your developer account by associating it with multiple forms of identification. This makes unauthorized access to your Microsoft account substantially more difficult. Also, if you ever forget your password or someone tries to access your account, these proofs provide us with a way to reach you to reestablish appropriate control of your account.

What is strong authentication?

Strong authentication is a means of verifying your account ownership through the use of security proofs. These security proofs help to make unauthorized access to your account substantially more difficult. A proof can be:

  • An email account
  • A phone number
  • A trusted PC

When you sign in to the Windows Store Dashboard, the system requests that you verify your identity by means of one of these proofs. In the case of an email address or a phone number, we send a code that you must then supply to complete the sign-in process.

In general, using a trusted PC provides the most seamless sign-in experience. Trusted PCs require one of the following configurations:

  • Internet Explorer on Windows 8.
  • Internet Explorer with Windows Essentials and Microsoft account Sign In Helper Add On enabled. (This can be checked by going to Manage add-ons in Internet Explorer.)

Guidelines for company accounts

For company accounts, we have a few guidelines to help you set up your security proofs:

  • Create your Microsoft account using an email address that belongs to your company's domain, but not to a single individual—for example, windowsapps@fabrikam.com.
  • Add a company phone number that does not require an extension, or an additional email distribution list as a proof.
  • Limit access to your company's Windows Store Dashboard to the smallest number of developers possible.
  • In general, use trusted PCs as your security proof. All key team members must have access to these trusted PCs.
  • If you need to allow access to the Windows Store Dashboard from a non-trusted PC, limit that access to a maximum of 5 developers. These developers should access the Windows Store Dashboard from machines that share the same geographical and network location.
  • Frequently manage your proofs to keep them current.

Your Dashboard should be accessed primarily from trusted PCs. This is critical because there is a limit to the number of codes generated per account, per week. It also enables the most seamless sign-in experience.

Managing security proofs

Manage your proofs by going to https://account.live.com/proofs/Manage and signing in with the associated Microsoft account. For additional information about how to add proofs to the account, see this help topic. If you have not set up your proofs or you cannot access the proofs, you will not be able to conveniently access your Windows Store portal.

If proofs already exist on the account, one of the proof owners must set up the additional proofs. After additional proofs are added and confirmed, existing proofs can be deleted from the account. If there is absolutely no way to access any of the existing proofs for even a one-time validation, see Recovering lost proofs.

Currently, you can have up to ten proofs registered per account. You must have at least two email or phone proofs on the account. This is important because even if you access the Windows Store Dashboard from trusted PCs, you may be asked to provide the code in specific situations. That leaves eight proofs available for trusted PCs.

Steps to prepare for strong authentication:

  1. Set up a corporate email distribution list to which the codes to access your portal can be sent. Add this alias as the first proof to the developer account. This allows the employees on the list to receive the codes needed to access the portal or to add additional proofs. If setting up a distribution list is not feasible, the owner of the email or phone proof must be available to share the code whenever a proof is added to the account, or possibly even whenever the Store portal must be accessed.
  2. Add a corporate phone number that does not require an extension and that is accessible to key team members, as an additional proof. Alternatively, add an additional corporate email distribution list as discussed previously.
  3. Add trusted PCs.
    • This proof must be set up after first successfully adding one of the other proofs.
    • If most developers who need access to the Store portal can have a trusted PC on the account, that's great. (Remember, a maximum of eight trusted-PC proofs can be set up per account.) If not, you may centralize store access via specific developers. Alternatively, you can set up virtual machines (VMs) with controlled access, or shared PCs with remote access, as trusted PCs on the account. Developers can access the Store portal via these machines, using the same Windows account to access the VM or the shared PC.
    • Verify that key team members have access to trusted PCs, because use of a trusted PC is required to unblock activities in some situations.
    • To add a trusted PC as a proof, go to https://account.live.com/proofs/Manage from that PC and follow the instructions to add the machine as a trusted PC.
  4. If you still have spaces for more proofs, fill them up either with trusted PCs or with email or phone proofs.
  5. Remember that some proofs must be confirmed before they are valid. If you are presented with an option to confirm a proof, click that link and follow the instructions.

Guidelines for individual accounts

Manage your proofs by going to https://account.live.com/proofs/Manage and signing in with the associated Microsoft account. For additional information about how to add proofs to the account, see this help topic. If you have not set up your proofs or you cannot access the proofs, you will not be able to conveniently access your Windows Store portal.

  • Create your Microsoft account using an email address that belongs to your company's domain, but not to a single individual—for example, windowsapps@fabrikam.com.
  • If you have not set up proofs or you cannot access the proofs to receive the code, you won't be able to conveniently access your Windows Store Dashboard.
  • If proofs already exist on your account, one of the proofs must be confirmed before you can add additional proofs. If there is absolutely no way to access any of the existing proofs for even a one-time validation, see Recovering lost proofs.
  • Add at least one trusted PC to your account. Remember, you can add a trusted PC only after you set up other proofs such as an email address or phone number.

    To add a trusted PC as a proof, go to https://account.live.com/proofs/Manage from that PC and follow the instructions to add the machine as a trusted PC.

  • Always add as many proofs as possible.
  • Remember that some proofs must be confirmed before they are valid. If you are presented with an option to confirm a proof, click that link and follow the instructions.
  • Frequently manage your proofs to keep them current.
  • Currently, you can have up to ten proofs registered per account. You must have at least two email or phone proofs on the account. This is important because even if you access the Windows Store Dashboard from trusted PCs, you may be asked to provide the code in specific situations.

Why are so many proofs required?

Often, people change or stop using a particular phone number or e-mail address. By having two proofs, you are more likely to have access to at least one of these accounts and thereby reduce the chances of being locked out of your account for even a short time period.

How to remove or delete an existing proof

  • Go to Manage your security info and sign in with your Microsoft account.
  • Next to the proof you want to remove, click Delete.

    Important: If you have only one proof on your Microsoft account and you want to remove it, you may have to use that proof to validate its own removal. (For example, to remove an email address that is the only proof on your account, you may need to respond to an email message sent to that same address.)

  • If you’re unable to access any of your current proofs (such as a phone number that you don’t recognize or an expired email account), see Recover your Microsoft Account.

Using a proof to sign in

After you've established your proof, you can access your Windows Store Dashboard. Here's how.

Accessing your Dashboard

  1. Visit the Dashboard sign-in page at https://appdev.microsoft.com/StorePortals.

    The sign in screen for Microsoft accounts.

    After you provide your credentials, a code is generated that enables you to sign in to your Microsoft account.

  2. Insert the code that was delivered to your alternate email address, to your mobile device via SMS, or via a phone call, to access your Dashboard. Your code is sent automatically to the most recently used account proof associated with your Microsoft account.

    The Help Us Protect Your Account screen for strong authorization.

  3. If you click I didn’t get the code, you are presented with a new screen that asks where you'd like to send the code. You can choose any of the options that you supplied when you configured your proof:

    • Send the code to the alternate email address
    • Send the code to your mobile device via SMS
    • Send the code via a telephone call

    The Request to send code dialog box.

  4. Enter the code to access your Dashboard.

"Trusting" your PC

To be "trusted", a PC must have one of the following configurations:

  • Internet Explorer on Windows 8.
  • Internet Explorer with Windows Essentials and Microsoft account Sign In Helper Add On enabled. (This can be checked by going to Manage add-ons in Internet Explorer.)

  1. After providing your code as described above, you are presented with this option: I trust this PC. Use it to verify my account in the future. Select this option to avoid entering a code each time you sign in; the use of the trusted PC becomes proof in itself of your identity.

    The Trust This PC dialog box.

  2. Select the check box next to I trust this PC. Use it to verify my account in the future. Then provide a friendly name for the PC.

    The Name This Computer text box.

  3. Enter the code to access your Dashboard. In the future, you won't be required to provide proof of your identity when using this PC.

Recovering lost proofs

If all of your security proofs (phone numbers, emails, trusted PCs) are outdated or wrong, and cannot be accessed for even a one-time validation, you will generally have to use a different Microsoft account and set up proofs as described in previous sections.

The only exception is if you are a Windows Store developer or Windows Phone developer who established a developer account before August 15, 2012. If this is the case, you can request to have all the proofs removed from your account so you can enter new proofs. To do this:

  • Go to Remove all security info and sign in with your Microsoft account.
  • Click Remove all.
  • Enter new, valid proofs. These proofs are added to your account automatically after the old proofs are removed.

When you choose to have all your security info removed, messages are sent to every phone and email proof on your account. This is for your protection, to help make sure that your account isn’t being accessed by an unauthorized user. The process takes 30 days.

 

 

Build date: 3/14/2013

© 2013 Microsoft. All rights reserved.