Modelon Solutions

A fresh take on your ideas

The importance of authentication and auditing

A few days ago I was travelling out of the country and received an email saying that my Microsoft account has had suspicious activity. Since I keep a lot of stuff on the internet, I immediately took a few minutes to investigate and act. Here are my thoughts:

  • Changing your password is easy, but when you have two-factor authentication activated, you then need to get new app passwords for each app or device that doesn’t support second-factor authentication. The second factor is an app that generates numbers that change every few seconds. It can be the “Authenticator” app from Microsoft on Windows Phone (or an app on any other platform, as the standard is called TOTP). I think that two-factor authentication is a fabulous idea, and it turns out it is easy to implement (more on that later). Everybody should go and activate it on their account. All I hope for is that apps (Outlook, Windows Phone 8) and devices (Xbox 360) quickly activate proper support for it.
  • Microsoft offers a page that shows your recent accesses on a map, which is great for validation. In my case, I seem to have a device at my work (guessing from my IP address) that was syncing while I was out of town... maybe that is what caused the suspicious activity in my account. I love these tools as they could really help out in my diagnosis of the situation.

With this said, one of my new principles is to not reinvent authentication mechanisms again: if you want to do a great job, it will cost you a lot of time and money. I will now try to strive for federation, which will basically expose the resources in my systems to identities which are managed by another system – I will concentrate on my business stuff and let the other systems (such as Azure Active Directory) manage that part of the system.

While I am talking about tools, I always recommend that projects invest a little time in integrating things that will help diagnose problems. These are my favorites, which are all available on NuGet to make integration a snap:

  • ELMAH is a system that plugs into the ASP.NET pipeline to capture errors and deal with them. It also provides a web page that will display error reports.
  • Enterprise Library is a suite of tools you can use to configure logging and exception management. It’s a great product built by Microsoft’s patterns & practices team.
  • NLog and log4net are both logging frameworks that let you perform logging.

Operating a solution can be as expensive as building it, so you might as well add the tools required to operate it smoothly…
