I've been having a frustrating issue with my Microsoft account that's getting hacked multiple times, even though I use a very strong password like 'm-=66bXKce8wvEnnn)6bF4iT=u35FekoiTAS77Iz5pA9=70z55_pRt'8ZvNt8eaM'. I get pop-up requests on my phone for two-factor authentication, which I always deny, and then I change my password again. This happens every few days. I don't use a console with Microsoft, and I only have one laptop that's been inactive for a while. I'm really puzzled about how these hackers keep managing to get in! By the way, I use a key safe to create and save passwords, copying and pasting them when I reset. Any insights on how they're getting around my security?
5 Answers
There are a few possible reasons for this: 1) You could be falling for phishing attempts. 2) Your Microsoft account or email might be compromised. 3) There's a chance of malware, like a keylogger, on your PC. 4) If you're using a password manager, that could be the weak link if it's been breached.
One thing to consider: are you just slightly altering your password when you change it? Incrementing numbers or similar might not be enough. Make sure you're completely changing it to something different each time.
It sounds like your password isn't really being cracked. More likely, it’s a case of someone reusing trust with your account. This could be due to a stolen session token that’s still active, a third-party app you authorized that might be compromised, or someone accessing your email tied to the account. Even changing the password won’t invalidate sessions that are already active, which is why these attempts keep happening shortly after you change it.
You might want to look into passwordless login options. Attackers don’t always need your password; they can send 2FA notifications to your phone simply by knowing your email and using the forgot password route. Microsoft has been known for this kind of issue. It might depend on the waves of login attempts you're getting, so check your security history for any suspicious logins.
Make sure you're clear on who 'they' are and what service is sending the login notifications. It's also crucial to check how you're managing your passwords. Getting specific with those details can help narrow things down.
