I sure don’t feel safe just ignoring it, considering the frequency.

  • eezeebee@lemmy.caOP
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    Also, use two factor, a password manager, and keep your recovery codes somewhere safe. The usual security person mantr

    Well, I found the recent activity and none of these were me. At least they all appear to say Unsuccessful sign-in.

    • ricecake@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Yup, that would indicate that likely a bot is trying to guess it’s way in.

      You are still safe.

      The only weird thing here is that Microsoft lets such things bother you instead of guessing that you didn’t teleport to Brazil and instead putting a little extra burden on the Brazil end before sending you an email.

      If you’re still feeling worried, the biggest thing you can do is enable two-factor auth (which you should do anyway), or even better: enable something like passkeys which are very secure and also easier than username/password.

      Two-factor/password manager is the “remember to brush and floss” of the security industry, so… Please do those things. :)

    • hinterlufer@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      4 months ago

      You can create an email alias for your Microsoft account and then only enable login from that account. If you then do not use that email for anything but the login, you should be pretty safe from credential stuffing attacks.

      I had a very similar issue with multiple failed login attempts and changing my login email stopped it right away.