I still use my first ever made email address, at this point it’s pushing 28 years old. However I have a major problem. I can rarely log into it anymore. There are so many attempts to login to the account daily from whoever out there that wants to gain access that the login is normally locked out for a period of time. At this point I’ve moved everything of financial value off of it as someone did get access once, but there are still plenty of random little things I’d like to hang on to it for.
I know I can just make a new one and ditch that one as a quick solution, but I figured i’d ask a wider community if they had any insights I might not have. It’s a Microsoft account, and my windows is tied to it, but I’m pretty sure I can just migrate that to something new.
Why not let that email get forwarded to another email account of yours ?
That is/was the plan, I was just wondering what insights people who actually know about privacy stuff would have overall. And I have been educated nicely thanks to a bunch of the folks on here.
but there are still plenty of random little things I’d like to hang on to it for.
Changing email addresses is a nightmare, I know. A lot of companies are not event technologically equipped to handle it because, as far as they’re concerned, your email address IS your account, and account numbers are not a thing. But you need to bite the bullet and get it done. That sounds like a huge security vulnerability.
It’s a Microsoft account, and my windows is tied to it
“tied to it” how? Use a local account. No Microsoft necessary. Alternatively, stop using Windows 😀
This brings me memories from when I had my @hellokitty.com email.
Have you already tried adding an authenticator / passkeys, OP? Those are the only thing I can think of.
Oh, so you are Bob@gmail.com, I’m sorry
Hotmail
Fairly sure Gmail wasn’t around 28 years ago.
I have an old email from when I was like 7 and signed up on a range of different gaming websites.
Now however, I use proton mail. They even own SimpleLogin, so all I do it generate hundreds of email aliases. No website know my actual email address and each mail received to these aliases, are forwarded to my actual proton mail account. Using Keepass or another password manager of choice, is a wise idea so you don’t have to remember all these accounts. Simple! Both secure, and private as it would be difficult to identify each account to an identity
Yeah so I had this as well. Every day or so I’d get locked out, had to do the sms unlock thing which sometimes wouldn’t work.
What I did is I added an alias to the account, made it the primary and removed login priviliges from the ‘old’ one.
For all the things you still use the address, it’ll be fine. It’s just MS based logins that’s you’d have to change.
Do you log into your account using a web interface? I’d guess IMAP/SMTP isn’t limited by login attempts, only web logins. You could set up an email client on your devices and use it through that instead.
No matter what, I’d advise you to use a strong password, just to be safe.
I rotate my password every 6 months at this point. It’s about as secure as a human who wants to remember a password could be. It’s 20+ characters with all the various password needed inclusions.
And yeah, I can access it through an external application without issue. But if I ever want to change settings or make new email rules it becomes an issue.
You can use a password manager so you don’t have to remember it. And enable 2FA, shouldn’t really be possible for some rando to get into it, only well-resourced and organised attackers.
Then your best bet is switching to a new email.
AFAIK consumer MS accounts don’t allow you to lock down access to a single IP. Adding MFA may help. If that doesn’t work, contact MS support and see if they can add a geolock to the account to only allow auth attempts from your country.
MS may also be able to change the email address then add your old one as an alias.
Can you just forward the email? Basically use it as a mail drop.
Which email provider is the account with?
I think the best approach would be to contact Microsoft customer support
Good luck with that. You’ll get gray hair before you talk to a real person who actually can help you
Yeah I have an old email as well. I rarely log into it, but when I did I saw there are daily attempts from China and whatnot trying to log into it.
Not in the situation where the account is locked out though. I always wondered if you couldn’t reach out to m$ and ask for a geo block at the least.
It would be great to have like a controllable firewall setting so you could like lock out anything from your state but if you are going on vacation then before you go you can open up another state or country or such.
I mean. For the majority geo blocking off anything except their main region would be fine ( whitelisting Europe for Europeans will be fine for the most part ). Especially if you make it opt-in rather than opt-out.
Though I assume they would likely just continue their hack attempts over VPNs.
yeah at least it would make it a bit more work and honestly its often about not being the low hanging fruit. Im a home body so I would not mind bringing it a bit more local. Figure it would add to their vpn headaches as going to the region would not be enough.
Use a password manager and generate a really strong password, something like 40 characters, that will help with someone actually getting in.
The locked account is weird, it’s usually tied to an IP address or something, can’t help there.
