this post was submitted on 17 Feb 2024
137 points (96.6% liked)

techsupport

2469 readers
20 users here now

The Lemmy community will help you with your tech problems and questions about anything here. Do not be shy, we will try to help you.

If something works or if you find a solution to your problem let us know it will be greatly apreciated.

Rules: instance rules + stay on topic

Partnered communities:

You Should Know

Reddit

Software gore

Recommendations

founded 1 year ago
MODERATORS
 

Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 19 points 9 months ago

What you need to realize is that for Microsoft, these attacks are constant. They deal with them basically 24/7/365. The target might change, but the attacks never stop.

Between Hotmail, Outlook, and exchange online (365) they're handling a large number of attacks per second all the time.

If they started to inform you about it, they would easily triple the emails they're handling due to all the failure messages.

This is nothing new to them, it's been going on since long before you noticed. Any MFA will effectively stop any attacker in their tracks. Make sure you have changed your password since you got that code sent to you, since that usually indicates a successful password breach.

Yubikeys are a good idea but you should always have a backup, so if you can afford it, buy two. One to carry, one to use. The downside is that each needs to be enrolled separately to each service that they're used for. It's not an issue to have multiple keys associated to the account, so that would be my recommendation.

I have a yubikey for work, and I use TOTP as a backup, and personally, I have a pair of Google Titan security keys. One to carry and one to stay at home.