Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

  • edric@lemm.ee
    link
    fedilink
    arrow-up
    14
    ·
    edit-2
    10 months ago

    Brute force attacks are usually done offline, where the attacker somehow gets a copy of a database of hashed passwords and they can take as many attempts as they want locally before they get a hit and can try it online.