Someone Has Hacked My Hotmail Email Address...

NiceAndShy · 18 Dec 2016

Kari said:

Nobody (I repeat: nobody) can sign in to your Microsoft email account (hotmail.com, outlook.com, live.com, msn.com) if you set up two step verification.

Go to https://account.live.com, select Account & privacy, select More security settings, scroll down to Two-step verification and turn it on (tutorial).

Having two-step verification on, whenever I or anyone else tries to sign-in to my account from a non-trusted device, I or a possible unauthorized intruder will be asked to enter a security code which will be sent to my mobile phone. Without this code sign in will be declined. A non-trusted device is any PC or any browser I have not used to sign in before.

Because Microsoft offers this two-step verification, all unauthorized log ins are user's own fault because user has selected not to use two-step verification.

Kari

I'm looking into "2 step verification" now.

NiceAndShy · 18 Dec 2016

I've now changed my password.

Is it possible for me to see a longer history of "Recent Activity"? as it only goes back 3 weeks...

NiceAndShy · 19 Dec 2016

Is "2 Step Verification" the best thing I can do in terms of security?

EDIT:

What happened to those "Secret Questions and Answers" that Hotmail used to have? Does anyone have a Microsoft link for what happened?

I remember that someone I knew actually knew the answer to my "Secret Question" so could that person still have access to my Hotmail account?

Asuza · 19 Dec 2016

Security is a personal preference.

Make sure to use long and complex passwords, at least 20 characters long. Also use a different password for every account/website and change them monthly.
Sometimes websites databases get breached and the usernames/emails with password are in the wrong hands. If you use the same username and password for every website you are totally screwed then.

Don't trust any device that is not yours. Do not log into computers at an Internet Cafe. I would never enter my credentials at an Internet Cafe. Perhaps they have a keylogger installed.

Also use 2FA when available.

About security questions , do not make the answer an actual answer (e.g: My cat is named Mittens) but use a complex password there instead.

Probably a very important one; do not let web browser remember your passwords. It is a piece of cake to extract all the saved passwords/usernames from Chrome with a simple tool.

NiceAndShy · 19 Dec 2016

This is what I'm worried about: Where the hacker is able to login into my Hotmail account without me knowing he has accessed it.

"Review your account information

If someone else got into your account, you want to make sure they didn't use your data or change your settings. Sometimes attackers make back doors into your account so they can still see your information after you reset your password. Use the following steps to review your important settings."
Link: https://support.microsoft.com/en-us/...omised-account

Cliff S · 19 Dec 2016

Asuza said:

Security is a personal preference.

Make sure to use long and complex passwords, at least 20 characters long. Also use a different password for every account/website and change them monthly.
Sometimes websites databases get breached and the usernames/emails with password are in the wrong hands. If you use the same username and password for every website you are totally screwed then.

Don't trust any device that is not yours. Do not log into computers at an Internet Cafe. I would never enter my credentials at an Internet Cafe. Perhaps they have a keylogger installed.

Also use 2FA when available.

About security questions , do not make the answer an actual answer (e.g: My cat is named Mittens) but use a complex password there instead.

Probably a very important one; do not let web browser remember your passwords. It is a piece of cake to extract all the saved passwords/usernames from Chrome with a simple tool.

Everything Asuza said is good, except you do not need to change your password monthly, as this is counter productive:
1) If you use a strong password and change it monthly, when are you going to be able to remember it?
2) Changing a password too often generally makes the user pick an "easy to remember", spoken: easy to crack.

The downside of changing passwords is that it makes them harder to remember. And if you force people to change their passwords regularly, they're more likely to choose easy-to-remember -- and easy-to-guess -- passwords than they are if they can use the same passwords for many years. So any password-changing policy needs to be chosen with that consideration in mind.

The primary reason to give an authentication credential -- not just a password, but any authentication credential -- an expiration date is to limit the amount of time a lost, stolen, or forged credential can be used by someone else. If a membership card expires after a year, then if someone steals that card he can at most get a year's worth of benefit out of it. After that, it's useless.

This becomes less important when the credential contains a biometric -- even a photograph -- or is verified online. It's much less important for a credit card or passport to have an expiration date, now that they're not so much bearer documents as just pointers to a database. If, for example, the credit card database knows when a card is no longer valid, there’s no reason to put an expiration date on the card. But the expiration date does mean that a forgery is only good for a limited length of time.

Passwords are no different. If a hacker gets your password either by guessing or stealing it, he can access your network as long as your password is valid. If you have to update your password every quarter, that significantly limits the utility of that password to the attacker.

Changing Passwords - Schneier on Security

NavyLCDR · 19 Dec 2016

I have all my password on a yellow sticky note stuck to my computer monitor both at home and at work.

I'm just kidding - it's really stuck to the underside of my keyboard.

Just kidding again.

Cliff S · 19 Dec 2016

NavyLCDR said:

I have all my password on a yellow sticky note stuck to my computer monitor both at home and at work.

I'm just kidding - it's really stuck to the underside of my keyboard.

Just kidding again.

I have a little green book, not kiddin

It has all my passwords & OS & software keys
It also contains my system "Offline" command prompt commands and how to set Ubuntu to rum Trim at boot, My disk partition, and the partitions & disks where I have moved OneDrive, and my libraries.
If I ever lost that green book....

Someone Has Hacked My Hotmail Email Address...-suizide.gif

NiceAndShy · 21 Dec 2016

Thanks!

Does anyone use a "password manager" service?

SoFine409 · 21 Dec 2016

Cliff S said:

I have a little green book, not kiddin

It has all my passwords & OS & software keys
It also contains my system "Offline" command prompt commands and how to set Ubuntu to rum Trim at boot, My disk partition, and the partitions & disks where I have moved OneDrive, and my libraries.
If I ever lost that green book....

I did that as well but some time ago I started keeping them in a binder with plastic sleeves. The original is a Word document that's kept on a USB stick that's separate from the PC. I also keep recovery notes and procedures for rebuilding all my PCs together with serial numbers and activation codes for software. This has saved me on several ocassions.