Microsoft account weirdness

[natenaaron]

I am the sole user of my laptop but the family uses one microsoft account because of our microsoft office subscription. For the longest time office has been booting us out, not logging in, or saying the subscription was out of date. I went into our account and everything was fine. subscription paid up, everything good. A few days later it all started again. We have been able to log in to the computer all the time.

This morning my laptop logged in fine.

1. After it went to sleep it would not recognize me. I use facial recognition.
2. Nothing until it told me to enter my pin.
3. Entered it and I got in.
4. I then went to my account and it would not log in.
5. I tried the forgot password and I did not exist.
6. I restarted my computer and got in fine
7. I googled microsoft account
8. clicked the link
9. before I did anything I clicked forgot login
10. Microsoft said it would send info to my email
11. The email it tried to send to was not mine.

This is weird

I changed my login.

 

[RayClem]

It sounds like someone hacked your Microsoft account.

I suggest scanning your computers with more than one antivirus software looking for malware.
You may have a trojan, keylogger or other software installed on your computer without your knowledge.

Make sure all you passwords are strong(numbers, symbols, upper and lower case, etc.). If necessary, use a password manager that is encrypted. I use Lastpass, but there are others . With a massword manager, you can use different passwords for different sites so that a password stolen on one site won't provide access to multiple sites.

Good luck!

 

[hydro-magic]

3 words - Multi Factor Authentication. Once you get back into your account, enable it. It does sound like someone hacked your account and it can be a nightmare to recover from that. MFA will make it harder for someone to hack it again. Google and Microsoft accounts are highly prized targets for hackers and if you're not using MFA on them, you will get hacked at some point.

 

[natenaaron]

3 words - Multi Factor Authentication. Once you get back into your account, enable it. It does sound like someone hacked your account and it can be a nightmare to recover from that. MFA will make it harder for someone to hack it again. Google and Microsoft accounts are highly prized targets for hackers and if you're not using MFA on them, you will get hacked at some point.

I have never heard of this. I will look into it.

I run Malwarebytes and Superantispyware regularly as well as windows defender. Any thoughts on a better scanner than these because I guess they did not catch something?

 

[sneefy]

It sounds like someone hacked your Microsoft account.

This.

I suggest scanning your computers with more than one antivirus software looking for malware.
You may have a trojan, keylogger or other software installed on your computer without your knowledge.

More likely that a weak password was used.

Make sure all you passwords are strong(numbers, symbols, upper and lower case, etc.).

Password length is all that matters. Alternate characters, capitalization, etc. are largely irrelevant. It's all about the number of digits. A 32 character password, for example, is approx. 128 bit encryption.

An easy way to create a strong and memorable password is to use 4 words that have meaning to you but are not necessarily related to each other. e.g. "monkey whooping canoe capsize"

Do not reuse passwords. Ever.

If necessary, use a password manager that is encrypted. I use Lastpass, but there are others . With a massword manager, you can use different passwords for different sites so that a password stolen on one site won't provide access to multiple sites.

This.

LastPass, 1Password, Dashlane, Keepass, etc. Use one. Make sure the entry password is very strong and use MFA for everything whether that means a text or an authenticator app.

Change your passwords, especially if your Microsoft password was similar to any other password you used. Ditch Superantispyware.

 

[hydro-magic]

I have never heard of this. I will look into it.

I run Malwarebytes and Superantispyware regularly as well as windows defender. Any thoughts on a better scanner than these because I guess they did not catch something?

Not necessarily. It sort of sounds to me like someone just got your password and that can happen without hacking your computer. The things you're using should be fine or at least as good as anything else.

MFA works by forcing someone to have your password as well as a thing to login. For most people, the thing you need is a phone that can receive text messages but there are some other ways.

 

[pault]

I am using bitwarden and love it, generate whatever length you want put it in to each site and it keeps the info, log in and never have to remember the password, just log into bitwarden.


Sent from my iPad using Tapatalk

 

[Raissermesser]

Password length is all that matters. Alternate characters, capitalization, etc. are largely irrelevant. It's all about the number of digits. A 32 character password, for example, is approx. 128 bit encryption.

An easy way to create a strong and memorable password is to use 4 words that have meaning to you but are not necessarily related to each other. e.g. "monkey whooping canoe capsize"

Do not reuse passwords. Ever.

The point of using a variety of characters is to increase the odds. If you know a password is all hexidecimal, then the odds of cracking it is 16^n, where n is the number of characters. For decimal only, it's 10^n; for lower case only 24^n; the same for upper case only. For decimal numbers and upper and lower case characters, it's 58^n. I think, without counting keys, that adding "special" characters gives you 95^n.

It's possible to make the argument that computers are so fast now, particularly run parallel, that for short pass words it makes no practical difference, so from that perspective password length matters. But if you used only hexidecimal characters for a password 32 characters long, then the odds of cracking it through brute force is 1 to 3.4028x10^38. Make that 32 characters from a pool of 95 and it's 1 to 1.9371 x 10^63.

Pass phrases are good if the words are chosen at random and are long enough. Those interested can look into Diceware, which consists of five dice and a list of words. Roll the dice, look up the number, and pick the word. The downside is the pool is limited to 7,776 words. The upside is that, pick enough words, that doesn't matter. The chance of cracking a four word passphrase if the Diceware word list is known is just 1 to 3.6562 x 10^15. Up it to a ten word passphrase, and you have 1 to 8.0828x 10^38 chance of cracking it.