cross-posted from: https://lemmy.world/post/12063839
Someone keeps trying to access my MS account
Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.
deleted by creator
I checked out my old Hotmail account and there’s somebody in china trying to access it non stop.
It’s protected with a strong password and 2fa. But it still makes me uneasy. I just wish I could geo block the attempts or something.
Geo block would be great on unsuccessful logging in.
Removed by mod
What’s more annoying is that it’s been happening since January 21st and no notice from MS.
You’d think stopping crap like that is easy pickings for AI to sort out…
Ita the same for me. I only have my old hotmail as its tied to my xbox account. Someone from china is attempting to get access every day.
I have this also all the time on my Microsoft account. All un-successful of course (long password and 2FA activated). So stopped looking at this.
First time it’s happening to me, makes me feel uncomfortable.
Encrypt everything pre-upload and you won’t have to care about the security of individual cloud providers ever again.
This is normal. All of my accounts have looked like this for years. So I imagine every account with Microsoft will see this bombardment of someone trying to get in.
It’s not just Microsoft - every server on the internet with an open port gets bombarded all of the time. It’s just the way of the internet. So if you move your account to another platform it’ll see the same bombardment as it does now.
I have the same issue. For me it’s mainly some ip address in Russia but it bounces around. I’ve had the 2FA enabled on my account for at least a year now. I have a unique, random password for it. Recently (like a month or two ago) the 2FA app popped up with a message to click on the number to verify or deny. I knew it wasn’t me so I denied it.
I was worried someone had managed to guess my long ass password but I fiddled around with it and it’s possible to get that 2FA prompt when you are trying to do a password recovery. So I just let it ago and haven’t gotten any others since. I still feel like I should chang my email but based on what others are saying it doesn’t seem like it will make a difference.
Activated tfa? So does that mean u didn’t have 2fa activated?
Activated yesterday, using MS Authenticator now, before I would get code on my email to verify and authenticate.
Probably change that email password too
👍
I’ve been getting in the habit of using per service emails and rotating them like my passwords (if the service allows). MS allows this (assuming the account is not for your email). I’ve changed it 5-6 times. Except for Skype which I don’t use. Can’t seem to change that one myself.
Others mentioned YubiKey. Another alternative I use is both an OnlyPass and Mooltipass, interchangeably. They act as keyboards and work with any device I’ve tried that supports USB keyboards without some agent always running. With it I’ll add an extra 56 random characters on top of my memorized passphrase for critical systems (disk encryption, system login, password manager).
I’d say ignore it, or if you’d like it to stop, create a new email alias and change your login settings so it only allows you to sign it with the new alias (and don’t use that email for anything)
Edit: I just noticed there are some successful sign ins. Make sure to change your password, add 2fa, and log out of all devices
