Like the title says, I got an email yesterday with a code to access my Microsoft account, and that made me suspicious because I wasn’t trying to log in to my account. When I looked at the login attempts, I saw that someone else was trying to access my account. I changed my password and activated TFA. Thinking of going through and buying a physical key like Yubico to further secure my account. Any tips are appreciated.

  • kamiheku
    5 months ago

    They cracked my randomly generated password - which doesn’t surprise me that much, brute force crackers are pretty effective nowadays.

    I’m actually surprised that it’d be feasible to use a brute force approach to gain access to an online account. I would expect them to hit some kind of rate-limiting long before they’d find the correct password.

    • edric
      5 months ago

      Brute force attacks are usually done offline, where the attacker somehow gets a copy of a database of hashed passwords and they can take as many attempts as they want locally before they get a hit and can try it online.
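
Added example, not part of the thread: a Python sketch of the defender's side of the online-versus-offline point made in the two comments above, showing salted PBKDF2 storage and how the per-guess cost changes the expected search time for a random password. The guess rates, the 10-attempts-per-hour login limit and the iteration count are assumed round numbers, not measurements.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return (salt, iterations, digest) to store; the salt is random per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, salt, iterations, digest):
    """Recompute the slow hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def expected_years(alphabet_size, length, guesses_per_second):
    """Average time to hit a uniformly random password: half the keyspace."""
    keyspace = alphabet_size ** length
    return keyspace / 2 / guesses_per_second / SECONDS_PER_YEAR

# Assumed guess rates (constructed for illustration).
FAST_HASH_RATE = 1e10  # offline guesses/second against a single fast hash
RATES = {
    # Rate-limited login form: 10 attempts per hour.
    "online": 10 / 3600,
    # Leaked database storing one round of a fast hash.
    "offline_fast": FAST_HASH_RATE,
    # Same hardware, but every guess costs PBKDF2_ITERATIONS rounds (rough model).
    "offline_pbkdf2": FAST_HASH_RATE / PBKDF2_ITERATIONS,
}

def compare(alphabet_size=62, length=8):
    """Expected years to find a random password under each assumed rate."""
    return {name: expected_years(alphabet_size, length, rate)
            for name, rate in RATES.items()}

if __name__ == "__main__":
    for length in (8, 16):
        for name, years in compare(62, length).items():
            print(f"{length:>2} chars  {name:<15} {years:.3g} years")
```

Under these assumptions an 8-character random password survives rate-limited online guessing indefinitely but falls within hours once a fast-hashed database leaks, while a 16-character one stays out of reach in every row.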