Like the title says, I got an email yesterday with a code to access my Microsoft account, and that made me suspicious because I wasn’t trying to log in to my account. When I looked at the login attempts, I saw that someone else was trying to access my account. I changed my password and activated TFA. I’m thinking of going through and buying a physical key like Yubico to further secure my account. Any tips are appreciated.

2 points

What I find hilarious is that Microsoft wants you to connect your entire digital existence to your Microsoft account… software keys, Windows license, Windows account/login, the works.

One little pwn and all that goes bye-bye.

Thanks, but no thanks. I’m still 100% local. I refuse to hook my Microsoft account into anything other than OneDrive, and even with that, I’m clipping all of its wings so that it shares only exactly what I want it to, and not all of my user directories.

4 points

Lol. I noticed an attempt every five minutes the other day. Joys of an older account. Use MFA everyone, it’s getting hairy out there!

-1 points

Usepunctuationeveryoneitshardtoreadwithoutit

1 point

Fixed

17 points

This has been happening with my original MS email account for years. It’s been in so many data breaches and pwns over the years that I basically have abandoned it. It’s constantly being probed by malicious actors from outside the US. I still keep it for when family reaches out, otherwise I’d close the account.
There’s no real way to block the attempts. Make sure your password is rock solid (randomize and store it in a password manager) and unique, put on 2FA, and ensure your recovery methods aren’t easily phishable/leakable.

5 points

Same. Since it’s an MS account, I have a ton of stuff linked to it and can’t simply close it. You can change your login email; as far as I can tell, you still get the emails that were sent to the old address, just moving forward what you sign in with is different. That slowed it down a little bit for me.

3 points

That’s good to know. I’ll give it a shot setting up another alias but still keeping the address functional.

19 points

What you need to realize is that for Microsoft, these attacks are constant. They deal with them basically 24/7/365. The target might change, but the attacks never stop.

Between Hotmail, Outlook, and Exchange Online (365), they’re handling a large number of attacks per second all the time.

If they started to inform you about it, they would easily triple the emails they’re handling due to all the failure messages.

This is nothing new to them, it’s been going on since long before you noticed. Any MFA will effectively stop any attacker in their tracks. Make sure you have changed your password since you got that code sent to you, since that usually indicates a successful password breach.

YubiKeys are a good idea, but you should always have a backup, so if you can afford it, buy two. One to carry, one to use. The downside is that each needs to be enrolled separately to each service that they’re used for. It’s not an issue to have multiple keys associated to the account, so that would be my recommendation.

I have a YubiKey for work, and I use TOTP as a backup, and personally, I have a pair of Google Titan security keys. One to carry and one to stay at home.

49 points

PSA: you can add mail aliases for Outlook and set one of the new aliases as your only valid login address. That way no one knows your login email address in the first place.

4 points

What a great tip. Thanks!
