Over the past few days, I’ve been receiving multiple emails from Microsoft’s Account Team with single-use codes. At first, I assumed that my son or wife was trying to access the account. And the folks at Microsoft added the text “If you didn’t request this code, you can safely ignore this email. Someone else might have typed your email address by mistake.” But I started to get concerned as the number of these messages increased and no one said “hey dad, I can’t get in the Office”. Finally, I decided it was time to figure out what was going on.
So, I first logged into my Microsoft account (account.microsoft.com) and went to the security panel. From there I opened “View My Activity”.
What I saw alarmed me. There multiple attempts to log in from places like Vietnam and Guyana.
Now, I was pretty confident in my account’s security. I update my password regularly and use a strong password. And when I looked at the “session activity” it states that “incorrect password entered”. Which seems pretty solid. I’m pretty sure that an old password has been leaked from a data breach and is in some list available on the dark web.
But I think it’s not adequate. Exploring further, I realize that I had not yet enabled two-factor authentication, nor connected it to my authentication app. So, I fixed that promptly. I firmly believe everyone really should do these steps for all their account. Do you know where to do that? I thought I’d help out by adding the steps.
One enables that from the Advanced security panel.
I encourage all of you to make sure your security settings are using the most up-to-date protocols:
- Multifactor authenication
- Authentication Apps
- Pass Keys
Also, I opted to sign out of EVERY app. Yeah, it’s a bit of a pain, but I don’t want to have my information compromised. I like that I can do that from the control panel.
Anyway, we really can’t be too safe on today’s internet, can’t we?
Have you seen a spike in Microsoft Single Use Code emails that are not from you? Let me know in the comments.