Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

  • Polkira@lemmy.ca
    8·
    9 months ago

    Hey so you actually can make it so an email address doesn’t log into the account, it’s how I stopped one particularly persistent hacking attempt when they finally managed to crack my password but were stopped by 2fa. Go to your profile > account info > sign in preferences, then as long as you have an alias email on the account you can deselect ones that you don’t want to be able to be used as a log-in.

    • stanka@lemmy.ml
      3·
      9 months ago

      With Microsoft I couldnt figure out how to enable 2fa against minecraft. Seems they do not have 2fa of any kind there and that is linked to your microsoft account. I guess the permissions there are just for minecraft, but if I was a betting man, I would venture there is a big hole there.