cross-posted from: https://lemmy.world/post/12063839

Someone keeps trying to access my MS account

Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

  • cooopsspace@infosec.pub
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    9 months ago

    Buy two ubikeys, one for you and one for your safe or lockbox.

    Also use a password manager and don’t reuse passwords.

      • cooopsspace@infosec.pub
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        9 months ago

        Yes!

        In fact, I have an NFC one which id highly recommend and just scan my phone on it and log into my password manager.

        Two is one, one is none though. You need to set up both keys on each website or app. Then lock one away.