An update to linked accounts

There are a number of people who have more than one email address and want to manage these multiple email addresses from Outlook.com. Linked accounts were introduced in 2006 as a way to quickly switch between different accounts each with their own email address. Over the next couple months, we will stop supporting linked accounts and instead help people move to a more robust and secure way of managing multiple email addresses: aliases.

Why have multiple email addresses?

There are many reasons people have multiple email addresses, some of the most common include:

  • They don’t want to give out their primary email address to companies and some individuals, to avoid junk email.
  • They want to organize their email into different separate groups in their inbox.
  • They’re in the midst of transitioning from one primary email address to another.

We know there are lots of good reasons to have multiple email addresses.  We also believe it’s important to provide a more robust, secure and durable solution to meet your needs.

It’s a new world

Why make this change? Well, a lot of things have changed since we introduced linked accounts. Most importantly, your email address is also often how you sign into the account that is your “digital identity.” For example, your Microsoft account unlocks a broad array of experiences ranging from Windows to Xbox to Office365 to Outlook.com and more. Increasingly, devices allow people to connect their various accounts (Microsoft account, Facebook, Twitter, Apple ID, etc.) to their devices and have it all “just work.”

That means that you want to have one Microsoft account that lets you light up your Microsoft devices and services with your stuff: your gamer score, your email inboxes, your calendars, your people, and your files, as well as to connect to all the networks you care about.  That’s certainly the system we’re building, and why we’ve designed aliases to make it easy to have multiple email addresses (for receiving and sending) connected to a single Microsoft account.

On the flip side, we’ve increasingly found that linked accounts are less robust, and less secure than using aliases. With linked accounts, you can sign in to Outlook.com on the web and then switch to any other linked account without entering a password. It’s a handy feature.

Unfortunately, this same feature benefits the bad guys, too. We’ve found that quite often, people who use linked accounts keep their primary account’s security info (including password and proofs) up to date, but don’t lavish as much care on their secondary accounts. It’s easier for a malicious party to compromise one of those secondary accounts, which gives them full access to your primary account. Note that if we detect suspicious activity in your account, we automatically unlink accounts to try to help prevent this abuse, but we think we need to go further.

Learning from the past and moving forward

We believe that aliases provide a more robust and secure capability for managing multiple email addresses. You can send and receive email from different addresses and keep it all organized the way you like.  And all of this is tied to a single Microsoft account that has your latest and most up-to-date security info. 

A couple years ago, we began the process of delinking linked accounts and encouraging people to move to aliases. We got good feedback about some issues, and have been hard at work fixing these gaps. To give you a smoother transition, we’ve added two new features:

  • Mail forwarding – you can now forward all email from a secondary account to your primary. It’s easy to set up a folder structure to keep email as separate as you like.
  • Send email from another account -you can configure the secondary account as a “send-only” address. When combined with email forwarding, it means you can both receive and send email from that email address, all within your primary Microsoft account.

We’ve also heard from some of you that you’d like to just “move an alias” – move the email address and email from one account to another. We’ve heard you loud and clear. Stay tuned for more about this in the future.

What you need to do

In the next few days, we’ll send email about this change, including the steps you should take, to everybody currently using linked accounts. Soon after, when you sign in with a linked account, you’ll see a notice with the same info. We want to make sure that you aren’t surprised by this change.

If you don’t use linked accounts, there’s nothing you need to do.

If you do use linked accounts, now’s a good time to make sure each account has updated security info, and that you know the password for each one. It’s much easier to do this now while they’re still linked. But even if you forget your password later, you can always reset it.

If you’re interested in consolidating email, here are a few additional things you can do:

  • Set up email forwarding, so you can read and write all your email from one account. Note: Normally you have to sign in to an account every 365 days to keep it active. Formerly-linked accounts are exempt from this requirement so you don’t need to visit them regularly.
  • If you want to use additional email addresses with your primary account, set up an alias. You can use it to send and receive email, and even sign in.

In late July, we’ll begin unlinking linked accounts.

I know it’s a hassle to make changes when you have a setup that works. We wouldn’t ask you to do this if it wasn’t important for your security. Thanks for partnering with us to help keep you (and your neighbors) more secure.

Eric Doerr, Group Program Manager, Microsoft account