Microsoft Acct (single use code)

Someone is requesting access to my Microsoft Account every few hours…

We’ve received your request for a single-use code to use with your Microsoft account.

the emails say “If you didn’t request this code, you can safely ignore this email. Someone else might have typed your email address by mistake.” but obviously?? someone is terminally keyboard-lexic or there is something I haven’t considered

Anything to be concerned about? and if so what can be done if anything?

System works as intended?

Is it at regular intervals? Human error would be, well, less like a machine.

Change your password to something unique and complex as a precaution I guess.

Also, https://haveibeenpwned.com/

I keep getting an email purporting to be from Microsoft about attempts to access my email account from Moscow and requesting me to “click here” to check. Even though i KNOW it’s a scam it’s surprising how disconcerting it is. Not surprising that these things work.

Yes I keep getting that one at the moment DrJ

But its my old work one so they are welcome to it 😀 I only know as the email they are using is an almost dead account that I just used for recovery purposes, and seeing as it goes in junk/spam its easy to delete

I once actually got a call from Microsoft (really) saying that there were persistent attempts to get into my account from DPRK.  There is a lot more of this stuff going on than you imagine.  You can’t stop it but you can, as Cougar says, use a more complex password and more importantly turn on 2FA

Or, along with MFA, choose to go passwordless as well.

To see what’s going on with sign in attempts go to My Microsoft Account (top right hand corner of the web site you are signed into / hotmail) | Security | Sign in activity. That will show you recent attempts to logon. As I’ve gone passwordless I don’t appear to get the notifications that an attempt has been made to login. Looks like there have been attempts to logon to my account from the USA, Hong Kong, China and the UAE. It’s enlightening when you get to see this information and reinforces how important securing your accounts are.

along with MFA, choose to go passwordless as well.

I don’t really understand this. At the moment to log on I need a password and my phone (authenticator app). How does going passwordless help? Not being obnoxious, I just don’t understand:-)

I don’t really understand this. At the moment to log on I need a password and my phone (authenticator app).

The idea I think is that you just use the 2nd method, eg.an authenticator, and the password is switched off as a login method.  I know that if I try and login somewhere it’s asks me to approve it on my phone rather than using a password but i haven’t gone fully password less yet.  I need to have signed into my phone of course, it’s not enough just to physically have my phone

My password manager warned me a few weeks ago that my Microsoft account had been found found in a data breach and advised me to change my password.

I don’t really understand this. At the moment to log on I need a password and my phone (authenticator app). How does going passwordless help? Not being obnoxious, I just don’t understand:-)

Primarily it takes away what is typically the weakest link in identity – a password. Without a password to attack / attempt to crack there’s really very little that can be done against your account. MFA is a strong way of adding protection to your account and is arguably easier to do.

Does anyone use a Microsoft passwordless account with their xbox? Just wondering how seamless that is.

Primarily it takes away what is typically the weakest link in identity – a password

Sure but the attacker ALSO needs my authenticator code?

(edit – glitch in matrix 403 error)

Cheers, my pwd is fairly long and complex… not something I want to change and I think it’s fine by itself unless MS are hacked.

Useful link to the account… it seems a few Russian based failed logins…