Like the title says, yesterday I got an email with a code to access my Microsoft account, and that made me suspicious because I wasn’t trying to log in to my account. When I looked at the login attempts I saw that someone else was trying to access my account. I changed my password and activated TFA. Thinking of going through and buying a physical key like Yubico to further secure my account. Any tips are appreciated.

  • kamiheku@sopuli.xyz
    9 months ago

    They cracked my randomly generated password - which doesn’t surprise me that much, brute force crackers are pretty effective nowadays.

    I’m actually surprised that it’d be feasible to use a brute force approach to gain access to an online account. I would expect them to hit some kind of rate-limiting long before they’d find the correct password.

    • edric@lemm.ee
      9 months ago

      Brute force attacks are usually done offline, where the attacker somehow gets a copy of a database of hashed passwords and they can take as many attempts as they want locally before they get a hit and can try it online.

    • Itsamelemmy
      9 months ago

      Looking at my history, they’re hours or a day apart. Probably no chance of getting into any halfway decent password that way, but if they can automate it with thousands of different email addresses, eventually they’d get an account with a weak password and get in.
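The pattern described in the comment above (one guess per account, hours apart, repeated across many addresses) stays under a per-account lockout rule but shows up when failures are grouped by source. This is an added example, not part of the thread; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (time, source IP, account, result); not real data.
SAMPLE_LOG = """\
2024-03-01T00:10:00 203.0.113.7 alice@example.com FAIL
2024-03-01T03:40:00 203.0.113.7 bob@example.com FAIL
2024-03-01T07:15:00 203.0.113.7 carol@example.com FAIL
2024-03-01T09:00:00 198.51.100.20 bob@example.com FAIL
2024-03-01T09:00:30 198.51.100.20 bob@example.com FAIL
2024-03-01T09:01:00 198.51.100.20 bob@example.com FAIL
2024-03-01T09:02:00 198.51.100.20 bob@example.com OK
2024-03-01T11:50:00 203.0.113.7 dave@example.com FAIL
"""

def parse(log):
    events = []
    for line in log.splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, result))
    return sorted(events)  # chronological order

def failures_by(events, key_index):
    groups = defaultdict(list)
    for ev in events:
        if ev[3] == "FAIL":
            groups[ev[key_index]].append(ev)
    return groups

def lockout_accounts(events, max_fails=3, window=timedelta(minutes=15)):
    # Classic per-account rule: max_fails failures inside a short window.
    hits = set()
    for account, fails in failures_by(events, 2).items():
        for i in range(len(fails) - max_fails + 1):
            if fails[i + max_fails - 1][0] - fails[i][0] <= window:
                hits.add(account)
    return hits

def spray_sources(events, min_accounts=4, window=timedelta(hours=24)):
    # Per-source rule: failures against many distinct accounts inside a long window.
    hits = {}
    for ip, fails in failures_by(events, 1).items():
        for i, first in enumerate(fails):
            targets = {f[2] for f in fails[i:] if f[0] - first[0] <= window}
            if len(targets) >= min_accounts:
                hits[ip] = targets
                break
    return hits
```

On the sample, the per-account rule only flags the user who mistyped their own password three times, while the per-source rule flags the address that touched four accounts once each.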