Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

  • jemikwa@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    edit-2
    10 months ago

    This has been happening with my original MS email account for years. It’s been in so many data breaches and pwns over the years that I basically have abandoned it. It’s constantly being probed by malicious actors from outside the US. I still keep it for when family reaches out, otherwise I’d close the account.
    There’s no real way to block the attempts. Make sure your password is rock solid (randomize and store it in a password manager) and unique, put on 2FA, and ensure your recovery methods aren’t easily phishable/leakable.

    • Jakeroxs@sh.itjust.works
      link
      fedilink
      arrow-up
      5
      ·
      10 months ago

      Same, since it’s a ms account I have a ton of stuff linked to it and can’t simply close it. You can change your login email, as far as I can tell you still get the emails that were sent to the old address, just moving forward what you sign in with is different. That slowed it down a little bit for me.

      • jemikwa@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 months ago

        That’s good to know. I’ll give it a shot setting up another alias but still keeping the address functional