Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

  • @jemikwaEnglish
    184 months ago

    This has been happening with my original MS email account for years. It’s been in so many data breaches and pwns over the years that I basically have abandoned it. It’s constantly being probed by malicious actors from outside the US. I still keep it for when family reaches out, otherwise I’d close the account.
    There’s no real way to block the attempts. Make sure your password is rock solid (randomize and store it in a password manager) and unique, put on 2FA, and ensure your recovery methods aren’t easily phishable/leakable.

    • @Jakeroxs@sh.itjust.works
      54 months ago

      Same, since it’s a ms account I have a ton of stuff linked to it and can’t simply close it. You can change your login email, as far as I can tell you still get the emails that were sent to the old address, just moving forward what you sign in with is different. That slowed it down a little bit for me.

      • @jemikwaEnglish
        34 months ago

        That’s good to know. I’ll give it a shot setting up another alias but still keeping the address functional