Your Windows Live ID is essentially your online identity for all of the Windows Live services, Xbox Live, Zune and other third party websites (such as Expedia.com) that utilize Windows Live ID. If you’re using Windows Live Hotmail and Windows Live Messenger, your Windows Live ID stores all your contacts and email messages. Your Windows Live ID is definitely something you don’t want to have compromised and I’ve got several pointers – or best practices – in keeping your Windows Live ID safe.
Do not hand out your password! Don’t give anyone your password to your Windows Live ID. Handing out your password to anyone is simply asking for trouble. Don’t even give out your password to friends or family. I can’t imagine a reason why they would need it. Just don’t give out your Windows Live ID credentials at all.
Be careful giving your Windows Live credentials on non-Microsoft websites. There are some websites out there that will claim they “require” your Windows Live ID credentials for their service. Some sites use this tactic to gain access to your Windows Live ID.
Fact: Microsoft will only ask for your Windows Live ID credentials on login.live.com and nowhere else!
Use a strong password for your Windows Live ID. Don’t use common words or names. Use a combination of uppercase and lowercase letters, numbers, and symbols.
Don’t use an obvious answer to your secret question. Microsoft provides a list of possible “secret questions” for your account. A secret question is used when you forget your password for your Windows Live ID. Choose a secret question that has an answer that people won’t be able to guess (friends, family, etc). The risk you have in using a secret question with an answer your friends might be able to guess is that your friends can try to “hack” your Windows Live ID and have fun with you. Your secret answer must have 5 characters or more and is not case sensitive. Remember to remember your secret answer of course.
Added protection: make your password expire every 72 days. You can login to account.live.com and change your password for your Windows Live ID and configure it to expire every 72 days. I personally don’t choose this option rather I change my password every couple weeks on my own.
Neelamadhaba Mahapatro, General Manager for Microsoft’s Identity Services (including Windows Live ID) has a post over on the Windows Live Dev Blog explaining Microsoft ongoing to commitment to keeping your Windows Live ID safe and what’s being done today to protect Windows Live ID users from phishing.