cross-posted from: https://lemmy.world/post/12063839

Someone keeps trying to access my MS account

Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

    • cooopsspace@infosec.pub
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      10 months ago

      Yes!

      In fact, I have an NFC one which id highly recommend and just scan my phone on it and log into my password manager.

      Two is one, one is none though. You need to set up both keys on each website or app. Then lock one away.