I've been dealing with repeated access attempts to my Microsoft account even though I create strong passwords like 'm-=66bXKce8wvEnnn)6bF4iT=u35FekoiTAS77Iz5pA9=70z55_pRt'8ZvNt8eaM'. I keep getting two-factor authentication (2FA) prompts on my phone, which I deny, and then I change my password, but it happens again just a few days later. I don't even use my Microsoft account often and my only device that connects to it is an old laptop that hasn't been used in a while. How are hackers managing to do this? I've considered the possibility of a keylogger, but I'm not typing it anywhere; I use a password manager and copy-paste my passwords during resets.
4 Answers
Just a heads-up, even if you have a strong password, attackers can still exploit the two-factor authentication reset system. They might try logging in with your email and go through the password reset process, which allows them to use 2FA to gain access without actually knowing your password. It's a weird system on Microsoft's part, and I've experienced similar attacks myself, sometimes in waves!
It sounds like your password isn’t being cracked directly. Instead, hackers might be reusing old access tokens or exploiting previously authorized apps linked to your Microsoft account. They could also be accessing your email or finding ways into your account that don’t rely on your current password. If you change your password, but they are using older credentials that are still valid, you’ll keep getting those login attempts.
That's a good point. It's definitely wise to check all devices connected to your account and revoke access to anything that looks suspicious.
Is there a way to invalidate all old tokens? That might help.
If you're changing your password completely each time, that’s a good step! But make sure you also check for any old devices still linked to your account and try to remove them. You never know what could be accessing your info.
I will definitely look into removing old devices and updating my security settings!
There are a few possibilities here. You might be getting phished, or your email could have been compromised. There’s also a chance you have malware like a keylogger on your device. Make sure your password manager hasn’t been breached as well, as that could lead to similar issues.
I doubt phishing is the issue, but I'll check everything else.
If the password manager had a breach, you'd notice issues across all your accounts, not just your Microsoft one.

Yeah, I think I need to keep an eye on my account's login history for any unusual activity.