Securing Microsoft Hotmail account

Fed up talking videogames? Why?
User avatar
KingK
Member
Joined in 2008

PostSecuring Microsoft Hotmail account
by KingK » Sun May 02, 2021 9:42 am

I accessed my Recent Activity page on my Microsoft account yesterday for the first time and was shocked to see just how many attempts there have been from all around the world trying to login to my account!

Luckily I have 2FA on and all attempts have been unsuccessful. When I login, I am sent a prompt to approve or deny through the MS Authenticator app.

These attempts happen multiple times a day from different countries, on a mix on devices and browsers apparently. A unique IP address is being quoted per attempt. Over this week attempts have been made from Brazil, China, Taiwan, South Africa, USA, etc!

However yesterday MS sent me an email (which is what prompted me to look on my account). This email states MS had seen I'd attempted to login with my password on one of the following devices and as such I'd need an app password! Yet it wasn't me.

My Password is, in my eyes, very strong. It has 3 unique non-dictionary words mixed with numbers and special characters and is over 20 chars long. It's not something I'd expect anyone to be able to randomly generate or guess.

However, in light of MS's email, am I wrong?

There doesn't appear to be any wrong activity on my account. I still can access my emails on multiple devices and my xbox doesn't show any signs of someone playing on my account or attempting to redeem my Rewards Points.

Is this just "one of those things" that everyone is subjected to nowadays? The multiple failed logins have never been alerted to me, but the email re needing to set up an app password has me worried.

Any advice welcomed. TIA.

User avatar
rinks
Member
Member
Joined in 2008
Location: Aboard the train that goes around the world

PostRe: Securing Microsoft Hotmail account
by rinks » Sun May 02, 2021 10:01 am

Are you sure the email itself was genuine?

I would find the number of attempted logins quite alarming. I’ve just checked my activity, and there are only two failed attempts in the last month.

User avatar
KingK
Member
Joined in 2008

PostRe: Securing Microsoft Hotmail account
by KingK » Sun May 02, 2021 10:15 am

rinks wrote:Are you sure the email itself was genuine?

I dunno. Maybe? I'm aware scammers concoct email addresses to use key words such as the firm name within it to make it look genuine (which this one did), but also I'm aware of genuine emails sent which have stupid long email addresses similar to this one too.

This is the sending address
account-security-noreply@
accountprotection.microsoft.com

How can this be checked if it's genuine or not?

I didn't click on the link provided. Instead I accessed via my bookmarked MS login page

User avatar
KingK
Member
Joined in 2008

PostRe: Securing Microsoft Hotmail account
by KingK » Sun May 02, 2021 10:20 am

I've had my email address for 25 years and it is a basic fullname@hotmail type. No numbers or anything in it. It's professional and great for providing for recruiters when I've needed to over the years.

I guess that also makes it easier to spam? I know too that my email address has been involved in leaks from LinkedIn and Sony over the years but the passwords used with those were changed and are different from any other. I use unique passwords for every site nowadays

User avatar
rinks
Member
Member
Joined in 2008
Location: Aboard the train that goes around the world

PostRe: Securing Microsoft Hotmail account
by rinks » Sun May 02, 2021 10:27 am

I’d check the links in the email. The sending address can be made to look genuine, but it’s where they try to get you to click to that is the giveaway.

User avatar
rinks
Member
Member
Joined in 2008
Location: Aboard the train that goes around the world

PostRe: Securing Microsoft Hotmail account
by rinks » Sun May 02, 2021 10:29 am

KingK wrote:I've had my email address for 25 years and it is a basic fullname@hotmail type. No numbers or anything in it. It's professional and great for providing for recruiters when I've needed to over the years.

I guess that also makes it easier to spam? I know too that my email address has been involved in leaks from LinkedIn and Sony over the years but the passwords used with those were changed and are different from any other. I use unique passwords for every site nowadays

Yeah, my own email address is similarly “tidy” in format. I get literally hundreds of spam emails a day.

User avatar
Prototype
Member
Joined in 2008

PostRe: Securing Microsoft Hotmail account
by Prototype » Sun May 02, 2021 10:40 am

I had to move away from hotmail as their spam filters were atrocious. I was bombarded with failed log-in attempts and spam. Perhaps time to bite the bullet and move to Gmail (Which I find to be far superior)?

User avatar
rinks
Member
Member
Joined in 2008
Location: Aboard the train that goes around the world

PostRe: Securing Microsoft Hotmail account
by rinks » Sun May 02, 2021 10:56 am

Prototype wrote:I had to move away from hotmail as their spam filters were atrocious. I was bombarded with failed log-in attempts and spam. Perhaps time to bite the bullet and move to Gmail (Which I find to be far superior)?

Agreed, Gmail’s spam filter is superb.

User avatar
Meep
Member
Joined in 2010
Location: Belfast

PostRe: Securing Microsoft Hotmail account
by Meep » Sun May 02, 2021 11:19 am

I have a gmail account as well as my MS one, however I have always been a bit apprehensive about using it as Google are essentially and advertisement company and I am hesitant to give them that much information. Not that I have any illusions about MS either.

The ideal situation would be to have a private email server with my own domain but that gives up a lot of convenience and would be a pain to set, not to mention not as reliable.

User avatar
OrangeRKN
Community Sec.
Joined in 2015
Location: Reading, UK
Contact:

PostRe: Securing Microsoft Hotmail account
by OrangeRKN » Sun May 02, 2021 12:02 pm

Change your password if you're worried. If your email appears in password lists then that would explain it getting tried all the time from various places and probably isn't anything particularly to worry about, the internet just be like that.

Given the app password email, if it is genuine (hover the link to check where it actually goes, never actually click it), I would suggest you change your password just in case. Could it have been from an old console or phone you sold on that had your creds saved?

Image
Image
orkn.uk - Top 5 Games of 2023 - SW-6533-2461-3235
User avatar
OrangeRKN
Community Sec.
Joined in 2015
Location: Reading, UK
Contact:

PostRe: Securing Microsoft Hotmail account
by OrangeRKN » Sun May 02, 2021 12:09 pm

Meep wrote:I have a gmail account as well as my MS one, however I have always been a bit apprehensive about using it as Google are essentially and advertisement company and I am hesitant to give them that much information. Not that I have any illusions about MS either.

The ideal situation would be to have a private email server with my own domain but that gives up a lot of convenience and would be a pain to set, not to mention not as reliable.


It sounds ideal but the amount of security consideration, anti-spam and the like just makes it untenable imo. For something as important in the modern world as email I don't like that MS/google scan all the content of all your emails to profile you and sell adverts, but they are probably the most trustworthy on security, reliability, being recognised by others and an expectation to be around for decades into the future. It's a bit of a dystopian reality.

Image
Image
orkn.uk - Top 5 Games of 2023 - SW-6533-2461-3235
User avatar
Zilnad
Member
Joined in 2019

PostRe: Securing Microsoft Hotmail account
by Zilnad » Sun May 02, 2021 12:55 pm

Where do you even find this information? I want to check my account now.

User avatar
massimo
Member
Joined in 2008

PostRe: Securing Microsoft Hotmail account
by massimo » Sun May 02, 2021 1:02 pm

You can check here…
https://haveibeenpwned.com/
I would change your password, just in case. As your previous, use a randomly generated phrase/string.
A lot of these attempts could be part of the scammers attempt to trick you into clicking a link in an email.
Eg. They try to log into your account which generates legitimate emails from hotmail.
Then they send you their own email made to look like it’s from hotmail.
They want you to eventually fall for it and click on a link which will take you to a website which looks like hotmail, where you’ll login with your credentials.

Change your password to be sure, be vigilant.
You should be fine. They’ll get bored and leave you alone eventually.

Edit: also one more thing…you use unique passwords for all websites and services right?

User avatar
KingK
Member
Joined in 2008

PostRe: Securing Microsoft Hotmail account
by KingK » Sun May 02, 2021 2:28 pm

Thanks for the replies guys.

As I access my emails via phone and tablet, I can't hover over any links. I'd have to click one which I don't want to do for obvious reasons.

I do have a backup Gmail email address which is used 99% of the time purely to secure my Android phone Google & Samsung accounts. I keep that info separate from anything using my Hotmail one.

For those who wish to check, you'll need to sign in to your MS Live/Hotmail account on a browser (I've done it on Edge on Android phone, and also Safari on iPad). Then, search for 'recent activity within their search function. That should take you straight to it.

User avatar
Meep
Member
Joined in 2010
Location: Belfast

PostRe: Securing Microsoft Hotmail account
by Meep » Sun May 02, 2021 3:29 pm

OrangeRKN wrote:
Meep wrote:I have a gmail account as well as my MS one, however I have always been a bit apprehensive about using it as Google are essentially and advertisement company and I am hesitant to give them that much information. Not that I have any illusions about MS either.

The ideal situation would be to have a private email server with my own domain but that gives up a lot of convenience and would be a pain to set, not to mention not as reliable.


It sounds ideal but the amount of security consideration, anti-spam and the like just makes it untenable imo. For something as important in the modern world as email I don't like that MS/google scan all the content of all your emails to profile you and sell adverts, but they are probably the most trustworthy on security, reliability, being recognised by others and an expectation to be around for decades into the future. It's a bit of a dystopian reality.

I would happily pay a subscription (within reason) for an email account service where messages are stored in an encrypted data base and absolute privacy is assured. IMO, it is the single biggest weak point I have in terms of data security. I try to mitigate against it by using stuff like two-factor authentication where possible but the sheer number accounts and their reliance on email verification means its no always possible. Problem is that I don't know whether it's possible for a service like that to exist and for it still to be compatible with different clients in the same way MS outlook is, or Gmail.

User avatar
Zilnad
Member
Joined in 2019

PostRe: Securing Microsoft Hotmail account
by Zilnad » Mon May 03, 2021 1:35 pm

KingK wrote:For those who wish to check, you'll need to sign in to your MS Live/Hotmail account on a browser (I've done it on Edge on Android phone, and also Safari on iPad). Then, search for 'recent activity within their search function. That should take you straight to it.


I've just done this and now I'm scared.

60 failed attempts to sign in during April from places all over the world. My password is pretty damn strong but this has put the willies up me. I use my Outlook email address for literally everything.

Is it even possible to change email address for things like Steam and Playstation?

EDIT - Double checked that I had two step verification on and I've now added an authenticator and changed my password for good measure. I'm sure it's as safe as it possibly can be, it's just very disconcerting to find out how often people are trying to gain access.

User avatar
Green Gecko
Treasurer
Joined in 2008

PostRe: Securing Microsoft Hotmail account
by Green Gecko » Tue May 04, 2021 8:28 am

All of those brute force attempts are done on a monumental scale. Yes, unfortunately it is quite normal now.

"It should be common sense to just accept the message Nintendo are sending out through their actions."
_________________________________________

❤ btw GRcade costs money and depends on donations - please support one of the UK's oldest video gaming forums → HOW TO DONATE
User avatar
Green Gecko
Treasurer
Joined in 2008

PostRe: Securing Microsoft Hotmail account
by Green Gecko » Tue May 04, 2021 8:34 am

Meep wrote:
OrangeRKN wrote:
Meep wrote:I have a gmail account as well as my MS one, however I have always been a bit apprehensive about using it as Google are essentially and advertisement company and I am hesitant to give them that much information. Not that I have any illusions about MS either.

The ideal situation would be to have a private email server with my own domain but that gives up a lot of convenience and would be a pain to set, not to mention not as reliable.


It sounds ideal but the amount of security consideration, anti-spam and the like just makes it untenable imo. For something as important in the modern world as email I don't like that MS/google scan all the content of all your emails to profile you and sell adverts, but they are probably the most trustworthy on security, reliability, being recognised by others and an expectation to be around for decades into the future. It's a bit of a dystopian reality.

I would happily pay a subscription (within reason) for an email account service where messages are stored in an encrypted data base and absolute privacy is assured. IMO, it is the single biggest weak point I have in terms of data security. I try to mitigate against it by using stuff like two-factor authentication where possible but the sheer number accounts and their reliance on email verification means its no always possible. Problem is that I don't know whether it's possible for a service like that to exist and for it still to be compatible with different clients in the same way MS outlook is, or Gmail.

Gmail just uses IMAP (was POP) and SMTP supporting TLS encryption, Microsoft Exchange (Hotmail) is compatable with POP and SMTP as well. Can't you just run your own domain name and mailserver? I do, I use Gmail effectively as a client because it will let you read in any pop/IMAP account as send as (SMTP) whatever you like.

"It should be common sense to just accept the message Nintendo are sending out through their actions."
_________________________________________

❤ btw GRcade costs money and depends on donations - please support one of the UK's oldest video gaming forums → HOW TO DONATE
User avatar
Errkal
Member
Joined in 2011
Location: Hastings
Contact:

PostRe: Securing Microsoft Hotmail account
by Errkal » Tue May 04, 2021 9:09 am

Meep wrote:I would happily pay a subscription (within reason) for an email account service where messages are stored in an encrypted data base and absolute privacy is assured.


https://protonmail.com/

User avatar
Green Gecko
Treasurer
Joined in 2008

PostRe: Securing Microsoft Hotmail account
by Green Gecko » Tue May 04, 2021 9:30 am

Yup, the only downside is possibly used by nefarious types too I've had a few spam registrations from there but at least one I ruled out. If that keeps happening expect to be flagged as spam.

Gmail is at least as common for that though.

Wouldn't be a problemif they had no free tier but of course they have one to acquire.

"It should be common sense to just accept the message Nintendo are sending out through their actions."
_________________________________________

❤ btw GRcade costs money and depends on donations - please support one of the UK's oldest video gaming forums → HOW TO DONATE

Return to “Stuff”

Who is online

Users browsing this forum: Google [Bot], Skarjo, wensleydale and 405 guests