Ah, the sheer joy of legal jargon! Is there anything better than cuddling up with a long-winded end user agreement or acceptable use policy on a cold night? I know it puts me right to sleep!
Okay, you got me. I’m joking. But let me ask you this: have you ever taken the time to read through every agreement you’ve clicked ‘I accept’ to? It’s okay to admit that you haven’t… I know I haven’t. I mean, who wants to sift through all that legal mumbo jumbo when all you want to do is sign up for an email account? The answer might surprise you… It should be you.
In Microsoft’s Terms of Use for Microsoft 365 email, there’s an interesting section that should stand out. Bear with me as we delve into the part about Member Account, Password and Security:
If any of the Services requires you to open an account, you must complete the registration process by providing us with current, complete and accurate information as prompted by the applicable registration form. You also will choose a password and a user name. You are entirely responsible for maintaining the confidentiality of your password and account. Furthermore, you are entirely responsible for any and all activities that occur under your account. You agree to notify Microsoft immediately of any unauthorized use of your account or any other breach of security. Microsoft will not be liable for any loss that you may incur as a result of someone else using your password or account, either with or without your knowledge. However, you could be held liable for losses incurred by Microsoft or another party due to someone else using your account or password. You may not use anyone else’s account at any time, without the permission of the account holder.
https://www.microsoft.com/en-us/legal/terms-of-use
Now, here’s the part I want you to pay special attention to: “However, you could be held liable for losses incurred by Microsoft or another party due to someone else using your account or password.”
Still confused? Let’s break it down: If your account is hacked—maybe because you chose a weak password, didn’t use multi-factor authentication (MFA), or accidentally clicked on a dodgy link—and a hacker causes damage to Microsoft or another party, YOU could be held responsible. Yes, you read that right. Microsoft has the power to hold you accountable, and unless you’re the CEO of Amazon, chances are you won’t stand a chance against their army of lawyers.
You agreed to this when you signed up for Microsoft’s 365 email or even Outlook.com. The responsibility of keeping your account safe and secure falls squarely on your shoulders. It’s not up to Microsoft to ensure you’re using a robust, unique, and secret password, or that you’ve enabled MFA.
I don’t write this article to scare you, quite the opposite. Microsoft provides you with the tools you need to secure your account. I’m merely urging you to use them! If you’re not sure how, just ask! Seek advice from your IT department, a tech-savvy friend, or even the neighborhood whiz kid. I’m sure they’d be more than willing to take a break from their usual pursuits to help you secure your account.
When choosing MFA—and I trust you will—resist the temptation to go for the simplest options like text or email. Instead, aim for the best security: consider an authenticator app or, better still, a hardware token like Yubikey.
Stay safe out there and look out for each other!
Leave a Comment