Like the title says, I got an email yesterday with a code to access my Microsoft account, and that made me suspicious because I wasn’t trying to log in to my account. When I looked at the login attempts I saw that someone else was trying to access my account. I changed my password, activated TFA. Thinking of going through and buying a physical key like Yubico to further secure my account. Any tips are appreciated.

  • kamiheku@sopuli.xyz
    10 months ago

    They cracked my randomly generated password - which doesn’t surprise me that much, brute force crackers are pretty effective nowadays.

    I’m actually surprised that it’d be feasible to use a brute force approach to gain access to an online account. I would expect them to hit some kind of rate-limiting long before they’d find the correct password.

    • edric@lemm.ee
      10 months ago

      Brute force attacks are usually done offline, where the attacker somehow gets a copy of a database of hashed passwords and they can take as many attempts as they want locally before they get a hit and can try it online.
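
The rate-limiting point raised in this thread, as an added example that is not part of any comment above: a login check with an escalating per-account lockout, and a count of how many password guesses it actually evaluates in 24 hours. The class name, thresholds, salt and iteration count are assumptions chosen for illustration; a copy of the hash database checked offline has no such counter in front of it.

```python
import hashlib
import hmac

class ThrottledLogin:
    """One account's login check with a lockout that doubles each time it trips."""
    def __init__(self, password, max_failures=5, base_lock=60, max_lock=3600):
        self.salt = b"constructed-salt"   # constructed; use a random per-user salt
        self.stored = self._kdf(password)
        self.max_failures, self.base_lock, self.max_lock = max_failures, base_lock, max_lock
        self.failures = 0        # consecutive failures since the last lockout
        self.lockouts = 0        # lockouts since the last successful login
        self.locked_until = 0.0

    def _kdf(self, password):
        # Iteration count kept low so the example runs quickly (assumption).
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 1000)

    def login(self, password, now):
        if now < self.locked_until:
            return "locked"      # rejected without evaluating the password
        if hmac.compare_digest(self._kdf(password), self.stored):
            self.failures = self.lockouts = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            lock = min(self.base_lock * 2 ** self.lockouts, self.max_lock)
            self.locked_until = now + lock
            self.failures, self.lockouts = 0, self.lockouts + 1
        return "denied"

def guesses_evaluated(server, window_seconds, seconds_per_request=1.0):
    """Simulated clock: wrong guesses the server really checks within the window."""
    now, evaluated = 0.0, 0
    while now < window_seconds:
        if server.login(f"wrong-guess-{evaluated}", now) == "locked":
            now = server.locked_until   # client waits out the lockout
            continue
        evaluated += 1
        now += seconds_per_request
    return evaluated

if __name__ == "__main__":
    print(guesses_evaluated(ThrottledLogin("constructed-password"), 24 * 3600))
```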