Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How Not To Get Locked Out of Your Microsoft Account While Traveling

I’m writing this on the last day of a trip taken to the Netherlands to visit relatives. As planned, I decided to play a little with a couple of my Microsoft accounts (aka Hotmail or Outlook.com accounts) to see if I could duplicate what so many people seem to experience: getting locked out while travelling abroad.

I didn’t get locked out.

Why I didn’t run into problems is pretty simple: I was prepared. (Though I also think something else played a part for at least one of my accounts; more on that in a moment.) But I can see how a lack of preparation can end up with accounts inaccessible until you return home.

Let’s review exactly what I mean by “preparation”, and how you can avoid getting locked out of your Microsoft account when you hit the road. I’ll also touch on why Microsoft takes these additional security steps.

Become a Patron of Ask Leo! and go ad-free!

Why?

The most common question (after “how do I unlock it?”) is “Why does Microsoft do this?!”

That’s actually very easy to explain.

The majority – I’d guess well over 80% – of Microsoft accounts are accessed from one, and only one, location. Perhaps more importantly, the vast majority – I’d say well over 95% – are accessed from one and only one country.

Most hackers operate from other countries. If your account, typically accessed from within one country, suddenly has a log-in attempt from a country on a completely different continent, that’s considered “unusual activity”. While it might be you doing the logging in, in the vast majority of cases, it’s not; it’s someone trying to hack your account.

When Microsoft sees this kind of unusual activity, they simply must take additional steps to confirm you are who you say you are, and that you are authorized to access your account.

Microsoft: Help Us Protect Your Account

What

The security measures are simply about proving you are not a hacker trying to break in to the account. You know you’re not a hacker, but Microsoft does not. The fact that you’re trying to log in from a foreign country actually makes it look like you could be.

The way you prove you’re not a hacker is to confirm additional information that you previously associated with your account.

Ownership Confirmation Methods

Typically, that means one of the following:

  • Proving you own an email account that you previously configured as one of the alternate emails for your account. You prove this by correctly entering the correct alternate email address (proving you know it), and entering a code sent to this email address (proving you have access to it).
  • Proving you own a telephone that you previously configured as the telephone number associated with this account. You prove this by entering a code sent to this number either by text message, or by voice (call).

Note that this information – the email addresses and/or phone number – are things you set up before you need them. If you didn’t set them up, or no longer have access to them, then you’re taken to the account recovery process, which tries to confirm you have the right to access your account via other means. Sadly, those other means are often both time consuming, and not guaranteed to work, in which case you’ll be locked out …

… perhaps permanently.

Your password is not enough when locked out

I often hear howls of indignation when people get locked out of their accounts. “I know my password! Why isn’t that enough?”

Simple: by logging in from another place, you look like a hacker who happens to know your password. That happens so often that Microsoft must take additional steps.

To be fair, this isn’t something they dreamed up to annoy you. Account theft is rampant, and a huge problem. These steps really do protect accounts from malicious access every single day.

Just have a look at the recent account activity on one of my test accounts.

Microsoft Account Activity

The entry for the Netherlands is correct, and correctly reflects that I was presented with a security challenge in order to log in to the account. This is where I am today.

The entries for Gibraltar, however, are not me. Someone, for some reason, was attempting to hack into this account. Fortunately, they don’t have my password, and even if they did, the security challenge that only I can pass would stop them from actually getting in.

That is why these additional security steps exist.

Be Prepared

I cannot stress this enough: be prepared when travelling.

  • Make sure your account’s alternate email addresses are correct, and that you have access to those email accounts.
  • Make sure the phone numbers associated with your account are correct, and that you can receive either texts or voice calls on those numbers.

Most importantly: make sure that one or both of those will still work when you’re travelling.

The number one cause of account loss (often total and permanent account loss) is when individuals have no alternate email or phone number, or have lost access to the email accounts or phone numbers they once had.

The number two cause of an account being unavailable while traveling? Having things properly configured, but finding out that the phone number doesn’t work overseas, or that you can’t get texts while traveling, or that the alternate email address also requires additional security verification from which you’re also blocked.

Be prepared. Plan ahead.

Challenge-free on my main account

I had to use one of my example Hotmail accounts to run the tests I did, because from the moment I arrived in Holland, my primary Hotmail account just worked. I was never asked to respond to a challenge.

I have a theory on why. I have to stress it’s only a theory.

It’s the account I use to log in to my Windows 10 machine – the Windows 10 laptop I was carrying with me.

My guess is that that machine acts as an additional layer of security confirmation, a pseudo second factor, if you will. The fact that this machine, which had previously logged in successfully (and fairly constantly) in the United States, was now physically present in the Netherlands may have been used as indicator to Microsoft’s security algorithm that made this look less like a hacker trying to break into my account, and more like me travelling.

As I said, it’s just a theory.

VPNs

Virtual Private Networks, or VPNs, can be used to secure your connection within a hotel or other public internet access, as well as making it look like you’re located in another country. For example, I could make it “look like” I was connecting from within the U.S. while here in Holland.

My attempts to use a VPN failed. I believe this is because the free internet option provided by my hotel blocks VPN communications.1 Had I been willing to pay more per day, I probably could have given it a shot. I have successfully used a VPN elsewhere, though not in a situation to sidestep additional security challenges.

What I hear from individuals who attempt to use VPNs is mixed. Sometimes they sidestep the security issues; sometimes they do not. All I can recommend here is that if you’re of a mind, or in a bind, give one a try. My current favorite is TunnelBear, which includes a free tier that should allow you to determine if it’s going to work for you.

Podcast audio

Play

Footnotes & references

1: The VPN was able to connect while I was in flight somewhere over Greenland, on the return trip.

21 comments on “How Not To Get Locked Out of Your Microsoft Account While Traveling”

  1. I was traveling in China last year and experienced the Microsoft Challenge. My backup email account is on Gmail, which is blocked by the Great Firewall of China. Fortunately, I bought a 30 day China upgrade on my AT&T iPhone, which meant my cell phone was with me and on the network. One interesting note on the iPhone was my Gmail was accessible. My iPad could not access anything Google when connecting with WiFi nor could any hotel computers or local computers. The cell phone allowed me to answer the challenge and successfully log into my Microsoft account.

  2. I’ve actually run into a technical problem with TunnelBear … repeated firewall requests when it’s installed on my Windows 10 machine, so I had to uninstall it there. (The request were benign, and not an indication of a problem, per se, but they were quite annoying. An implementation issue with TB’s networking hooks, as I understand it.)

  3. Your theory about your Microsoft account on your usual Windows 10 machine I think is valid. We were up at our trailer this summer and I tried to access something with either my Yahoo or Google account, and they wouldn’t let me log in because it didn’t recognize me as having used this computer (I think I might have recently cleaned my cookies). They actually told me that was why and since I couldn’t correctly type the password (or answer a security question … I can’t remember which it was), it blocked me. Once I got back home, no problem.

  4. I lost a yahoo account because I had changed internet ISP. When someone got into my account and changed the password I tried to go through the process yahoo has to get it back. But, because I no longer had the email account from the other ISP that was it.
    Still do not have that account back. Though I wrote the thief and “thanked” him.

    • My first free email account was with Yahoo. My reasoning was that I didn’t want to be locked into an ISP because of email. I have all of my accounts connected to at least 3 recovery accounts in case something goes wrong. I don’t even remember the email address associated with my ISP.

  5. Before I left the UK to visit Lithuania I visited my Microsoft account and set the laptop and tablet I travelled with as “trusted devices”, and had no problems. In case of accidents, I also had access to my Microsoft recovery code and ensured mobile phone number and alternate email were up to date and would work there, but did not need them. I think the “trusted devices” setup was the key to success.

  6. Leo, thank you for your good work! However I disagree with the article’s apologetics on behalf of Microsoft. Microsoft has far exceeded my threshold of abuse and NEGLIGENCE to its users. This is the beginning of a rapid end to a 20 year relationship with Microsoft, where I will find alternative resources for my needs wherever possible, and recommend the same to All that I know. Their inconceivable arrogance and negligence is way way way over the top in locking me out ***MY*** hotmail/Live email accounts.

    Really? A frequent international traveler. Now I traveled from home in Japan to family in the USA, and Microsoft suddenly locks me out. ***NOTE*** None of my banks locked me out from online banking, nor did yahoo.mail or gmail. Somehow, a simple flight in the year ***2016*** is this huge premise for security lockdown from my own account… to extract even more personal information from me, and then still nothing. While I’m visiting the U.S. for treatment for Heart Failure, I’m cut off from correspondence with my hospitals in Japan and the U.S., my health insurance, medical payment sites, emails from my banks, friends, place of employment, my OneDrive documents including phonelists and password lists, etc…

    No Leo. Microsoft is royally damaging 10’s of thousands of users; as any search on this topic will show. Microsoft could ***at the very least*** have a link at the top of their hotmail/Live mail page that asks: “Traveling soon? Don’t get locked out of your account” that links directly to askleo.com and your solutions. Right?

    • I don’t see that Leo is defending Microsoft. He has often criticized their policies. This isn’t a recommendation to use outlook.com. What he’s doing is to help people who got stuck with a lemon make lemonade out of it.

    • I’m sure that Microsoft has a policy against officially supporting any third party solutions site over which they have zero control (i.e. Ask Leo! 🙂 ).

      However you’ll get no disagreement from me: Microsoft could absolutely be handling this better, and they don’t need to be linking elsewhere to do it. My “apologetics”, as you call it, are simply to explain why they’ve taken the steps that they’ve taken.

      • While this article is about Microsoft / Hotmail, I’m a regular contributor to the Gmail Help Forum and this is a very real problem we see daily with users of Gmail accounts as well. However, just like Leo, I’ve traveled to places very far away from home and didn’t get locked out. Maybe because I always take my familiar Work laptop with me. Maybe because I always take my phone with me and can receive codes by text if necessary. My wife travels with me and uses my laptop to access her account without getting locked out either.

        Unlike Leo, my Work laptop is not configured to log in with personal Microsoft credentials, although it is on Windows 10. Actually I think the last time I traveled was before it even got upgraded from Windows 7, so the Microsoft account sign in would not have been an option anyway.

        My “real” account is Gmail for communications, some subscriptions I put through Yahoo, and I have a Hotmail just for testing. They all have Security Challenge procedures. Yahoo challenged me a few weeks ago right at home, saying something didn’t look right with recent activity. I got distracted before answering the challenge, and left it open. When I came back a few hours later I logged right in as though nothing had ever happened.

        I fully endorse the paragraph above sub-titled “Be Prepared”.

    • I couldn’t agree more. I DID prepare, and I am STILL locked out of the account where I pay my bills. Also, I have plans to meet friends and search for jobs and now I can’t reach these people. It has literally ruined my travels at times. Yes, my phone works here in Taiwan, but they did not send the security code. I tried sending to another email, but that was locked too. I answered all their questions correctly, including emails and subject lines from recently sent emails. I did not make any errors. STILL LOCKED OUT. FU Microsoft. I’m trying to get a job here.

      Before leaving, I also prepared by calling banks and credit cards to let them know my travel dates and locations. They asked a lot of information to verify that I am me. This is something I’ve done for 20 years. But, Microsoft does not offer this.

      • Which steps did you take to prepare? It might help to prevent others from being locked out. One way to prevent this is to use a different email service provider such as Gmail, although it’s still necessary to follow the preventative steps outline in this article.

  7. One reason the VPN might not be working is that websites eventually get wise to the VPNs which are accessing them. For example Netflix eventually blocks some VPNs once they learn of their existence. Since MS realizes that they are being accessed via a VPN, they probably block that VPN as a hacker might be using a VPN to look like they are in the US.

    A few years back, when I went to S America, I was asked to confirm my identity by GMail. All they asked for was my full phone number. Once I entered it, they allowed access. This to me sounds like enough proof that I’m me, like a second password, as the odds of a hacker from another country would never guess may password and phone number.

  8. We have just returned from a month’s stay in England and Wales. I hadn’t thought ahead to learn how to set up text verification on my phone with a UK sim card installed. How should I have handled this? Not all sites offer the alternative of verification via email. Thanks again for your great contribution to my sanity.

    • Having a recovery email address (or more) should allow you to have access to your Hotmail account when you travel. You don’t have to use that email address for anything else but you do have to check it regularly (monthly is good) so that it isn’t closed down for lack of use. You also have to be sure that that account doesn’t require a second factor when you travel overseas. I use gmx.com for that. You can test the recovery account by using a VPN which makes it appear you are in a different country. Set the virtual location to the one(s) you’ll be visiting.
      The Opera browser offers VPN browsing. It isn’t a true VPN but it’s sufficient for this test.

  9. Regarding VPN workaround – I actually find it quite effective. I use PIA and their app has 2 usefull features – killswitch and location selector. Killswitch makes sure your mail clien won’t get through before VPN is activated ever time you connect to Wi-Fi in another country. Location selector allows you to select location that looks OK for your provider – Microsoft, Google etc. The best thing is that you can test it before you leave your country and make sure it works while you still have access to your phone and local internet in case something goes wrong.
    The only problem with VPN is remembering to turn it on. Las time I was in Mexico I forgot and got locked out of hotmail. Furtunately I realized what happened and turned it on before opening my gmail app so was able to recover my hotmail access using gmail.
    One more potentially useful feature Microsoft offers is Recovery Key, you can get one in your account’s security settings and use to get your access back. They recommend printing it out and keep with you. I did not test it so not 100% sure it will work for this scenario, may be it works only for “forgot my password”.
    Another potentially useful thing is Microsoft Authenticator but as far as I understood it only works with 2-factor authentication, no mentioning of recovery options.

  10. I think that microsoft just wants to have my tel number…they block your account and even if you answer all the questions in the right way, they do not unblock it….if you dont give your tel number. Thats why I will do my best to change to google…at least they dont have these stupid complications. The funny thing is that I have all the mails downloaded in outlook and I know I am answering all the questions….like “write the exact line of the subject of the last mails you sent”. This is unbelievable….another question is “where you opened your account”, you have to remember the town and the postal code! You have to remember your skype contacts and the email of your contacts…… Only if you have outlook you can copy this info….but even like this the account stays blocked….
    it is a joke…really!!!

  11. I am a frequent traveler to Thailand. Sometimes Microsoft blocks my hotmail access, sometimes it doesn’t. Like other people here, I take great care to advise financial institutions of my travel plans and they enable access accordingly. All of this difficulty and confusion could easily be eliminated if Microsoft would allow the user to contact them in advance of travel to advise of travel plans so there will be no concerns regarding login from a different local. Unfortunately, Microsoft does not offer this. Why? The implications of not having access to email are substantial as I need to pay bills since my travel times often exceed several weeks. Why not reward responsible users?

  12. I set up devices as ‘trusted’ and emailed customer service to let them know I was going overseas – gave them dates, locations etc. I was still locked out. I have tried many times to get them to resolve the issue now I am back at home and on my pc – no joy.

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.