Hi, Leo. I was changing my password tonight on Hotmail and went into a section I never noticed before called recent activity. I was shocked to see that in the past two weeks there were a ton of failed attempts from nearly every country on the map that had tried to login to my Hotmail account. Is this normal? Should I be scared? Should I close the account? I’ve had this account since 1997 so it has lots of information about me in different folders. Thanks.
Honestly, what you’re seeing doesn’t surprise me. I do have some suggestions on what you should do, but closing your account isn’t one of them.
Become a Patron of Ask Leo! and go ad-free!
Recent activity in Outlook.com
I actually didn’t know that Outlook.com (Hotmail) would show recent activity. I’m pretty pleased that it does. So for those who haven’t seen it yet, click on the gear icon when you’re logged into Outlook.com; click on Options; click on Account Details and then on the left-hand side, you should see something called Recent Activity. Click on that.
Or, you can go directly to https://account.live.com/activity. You will, of course, need to confirm your password for security.
I did this on another account, and I noticed that someone had attempted to access my account from France, Japan, Ecuador and the Netherlands.
Attacks are constant
One thing that everyone really needs to realize is that our accounts are pretty much under constant attack. Or at least, we certainly need to act like they are. Hackers or bots or who knows what else are basically trying to get in by just about any means into any account that they can find.
They’re typically unsuccessful, but it only takes once to get hacked. And from their perspective, even if they trigger a million automated attempts and they get into only one account, they’re successful.
Secure your account
The single most important thing you can do is secure your account with a good password. The longer the better and the more random the better. Ideally, you’d use a password manager like LastPass to remember them for you – so that you can choose something that’s completely random; so random that there’s simply no way to remember it.
And of course the other thing you need to do is never, ever use the same password on more than one site. Very often these hacking attempts that you see are actually the hackers exploiting data that they may have found somewhere else. Perhaps a different account has been hacked and they’re simply trying the password they found there at every other account they can think of that might possibly be related.
Consider two factor authentication
I also strongly suggest setting up two-factor authentication for any account that you consider to be particularly sensitive. When you’ve got two-factor authentication, it’s not enough to just know the password. You can have the password and still not get in. You also have to prove that you’re in possession of the second factor.
In my case, as an example, I need both my password and a number generated by an application that’s on my smartphone in order to login to my Outlook.com account. Even if a hacker gets my password, they still can’t login because they don’t have that second factor. Yes, it sounds like it could be a little annoying to have to have that second factor for every login. But in reality, you don’t; there are some shortcuts you can take that to make it easier on computers use regularly.
But what’s important is that someone coming in from a brand new location elsewhere on the planet cannot use those shortcuts. They must have that second factor which of course, they won’t.
Ultimately, in your scenario, I really don’t think there’s anything to be truly concerned about. It is, however, a very real reminder of just how important password and account security really is.