Honestly, what you’re seeing doesn’t surprise me. What most people don’t realize is that we are all under constant attack. Every account, every server, every machine connected to the internet. It’s slow and unrelenting.
But it’s also normal.
I have some suggestions for what you should do, but closing your account isn’t one of them.
Become a Patron of Ask Leo! and go ad-free!
Recent activity in Outlook.com
Your Hotmail account is now handled by Outlook.com, and is a Microsoft account, also formerly known as a “Windows Live” account. As of this writing, information about recent activity is available via this URL:
You may be asked to confirm your identity with an extra step involving re-entering your password, or a code sent to a phone number or alternate email address on record.
Look closely, and you’ll see someone attempted to use this account to sign in to a Microsoft app on an Xbox. While I have an Xbox, I’ve never once used this example account to sign in there. Note that it was an “Unsuccessful” sign-in, so no action was required.
The only time you need to secure an account, in my opinion, is when you see successful sign-ins that aren’t you. A string of “Unsuccessful sign-in” entries — failed login attempts — are the system working as it should: hackers and others are being denied access to your account.
We are all under constant attack
All our accounts, computers, servers, and connected devices are under constant attack. Attacks may be slow or fast, targeted at specific accounts, or just trying things randomly, but they are never-ending.
Hackers or bots or who knows who else try to access any account by any means they can find. They’re typically unsuccessful, but it only takes once to get hacked. And from their perspective, even if they trigger millions of automated attempts and get in to only one account, they’re successful.
Secure your account
The single most important thing you can do is secure your account with a good password.
The longer the better and the more random, the better. Ideally, you use a password manager like LastPass, enabling you to choose passwords so random there’s simply no way to remember them.
And of course, never, ever use the same password on more than one site. Very often these automated hacking attempts are hackers exploiting data they found somewhere else. Perhaps a different account or service has been hacked, and they’re trying the password they found there at every other account they can think of that might be related.
That approach can be surprisingly successful.
Consider two-factor authentication
I also strongly suggest two-factor authentication for any account you consider to be sensitive. With two-factor authentication, hackers can have your password and still not get in, since they can’t prove possession of the second factor.
I need both my password and a number generated by an application on my smartphone in order to log in to my Outlook.com account.1 It proves I am in position of my second factor: my smartphone. Even if a hacker gets my password, they still can’t log in, because they don’t have that second factor.
Lots of failed login attempts?
In your scenario, I really don’t think there’s anything to be truly concerned about. The failed login attempts indicate that the system is working as it should.
It’s just a reminder of how important password and account security really is.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Download (right-click, Save-As) (Duration: 4:52 — 4.5MB)
Footnotes & References
1: Technically, only the first time I log in to a new machine, should I so choose. After that, the machine can be “trusted”. For hackers, every time is the first time.
31 comments on “Why Do I See Lots of Failed Login Attempts on My Account?”
I got caught with this the other night to the point that it kept me up till early in the morning changing my passwords etc thinking someone was trying to get some info about something personal Until I worked out that the places from around the world I was getting attacked from were actually my other email sites that I had given permission to collect my outlook email from, so I could read outlooks email from a different Mail site like YandexMail from Russia if I wanted to , & that the false Logins were because I had changed my password on outlook earlier which caused false logins..
And as soon as I went to Yandex for example & changed the password for the email address That it then stopped & I was able to go to bed.
So I would suggest anyone else to think of any other websites or Email sites that have been given permission to collect or check their email from.
AnyWay I think this may help someone as it helped me.
I was surprised as well to find the recent activity option in Outlook.com. Gmail is my main email and I let it collect mail from Outlook. My activity shows a successful sign-in about every hour, presumably from Gmail.
I’m in a difficult situation. I made the mistake of blowing the whistle on a fellow employee who did something illegal amongst other unethical things. Instead of investigating him, my boss has me under investigation and is trying to establish grounds for termination. When the investigation started (4 months ago), I suddenly noticed a series of failed attempts to login to my personal email account. The attempts stopped when the investigation ended. I was cleared of his false complaints, but he has kept me under his own investigation and has been harassing me. I just got demoted, the guy I reported was promoted and now I’m under investigation by HR, again, and the failed login attempts have started again. Is there anything I can do about this? They appear to be using TOR servers when trying to access my email. I’ve been trying to ride this out, but I’m at my wits end.
Gary, it has been so long since you posted your concern about you blowing the wistle on someone but I would like for you as well as anyone else reading your comment to know; it is illegal for someone to retaliate against a person for blowing the whistle. You could seek legal assistance for this problem. There are attorneys that have free consultations. I would suggest you take that step because people that think they are above the law will continue to retaliate unless they are stopped through the legal process.
I’ve just checked my “recent activity” in outlook and have discovered multiple SUCCESSFUL login attempts from my home country (I’v.e been overseas of more than 2yrs). I’ve changed passwords on critical accounts. But I am freaking out. I’m not in the same position as Jason above – I haven’t given permission to any other sites to access my Hotmail account. How do I find out who has been hacking my account – I have the IP address and approximate location from the “recent activity” details. What else can I do??
To the best of my knowledge you cannot find out who. Perhaps with lawyers and a court order – if there’s sufficient reason to involve them – but as an individual that information is simply not made available.
I checked the Recent Activity on my outlook.com email account. Wow! Every half hour I see someone is unsuccessful in trying to log into my account: I’m happy to say that they don’t have the right password. Just to be careful, I changed it tonight. A strange thing is that the IP address associated with this unsuccessful log in is my own IP address; this is too strange. It is as though I am trying to sign in to outlook every half hour and using an incorrect password. I now use a wildly random 15-character password generated with LastPass (a really great password management program) so I feel pretty secure thinking that they won’t ever gain the password. However, it is very upsetting to think that someone is continuing to try to get into my account. I’ll consider two-factor verification to be more secure. I wish Microsoft would step forward and offer to track down the individuals who are behind this mischief.
If it’s coming from your own IP address then it’s more likely some program that you’ve configured with your Microsoft account and forgotten about. Nothing mischievous about it at all.
I’m seeing successful sign ins from hub cities almost every day this month. I just discovered this last night. Mostly in Chicago, Atlanta, and Kansas City. I have used Copy.com to transfer some audio files to a client. Could this be what is doing this?
I changed my password yesterday and noticed another successful sign in this morning. Is this something related to iCloud? If it were a hacker, wouldn’t it show an unsuccessful password attempt since I have now changed my password?
How far back does activity go? I can’t get to it yet because I need to send a code to my other account to view it, but I know my account has been hacked and wondered how far the data goes – 2 months? Or recent, recent?
I also know this because 7 days ago my account changed to the Outlook Web Access without any prompt and without a tutorial!! I didn’t do this, so it must be someone accessing the account. Very worried! I also don’t have 360 on my account so can only imagine this has been linked by an exchange account or business account (as it says I have in my settings!) but don’t! Please help.
My boyfriend tried to open his hotmail while on my computer about 3 weeks ago but because we were in Asia, hotmail would not open. He just wrote me today that he has received about 10 emails about failed attempts to open his account and the one he just forwarded to me gives my IP address. I had not cleared the cookies from my computer (but now have) but I have a strong anti-virus. For some reason sometimes MSN’s homepage opens automatically and sometimes I do read the articles. I thought maybe the MSN homepage was trying to open hotmail and hence his account. However the timing of the message from today does not match my history for MSN today. Could this be a virus? I certainly look bad as it looks like I am trying to hack his email. I am using a hotel wifi system where the room number and name have to be input.
These are cookies at work. They are supposed to make life easier. Some sites don’t have an option to “remember password” it just does it.
When signing into ANYTHING that’s not my own pc, I always use ctrl+shift+p to open a private browsing window. This won’t store any cookies from my session.
Had your bf done this, there would be no issue. Facebook is known to operate on this level as does Google/YouTube. Mostly for sale of voting as their content spreads wide and has integration with many websites for comments.
I’ve got a king size pain in the behind trying to get into my personal BT email address, as the amount of times I’ve had to change my password this past fortnight has been crazy, but mostly annoying. I’ve even got onto British Telecom about it too, to which the only thing they’ve advised me to do is change my security question too. That which I did last night, but trying to log into my email two minutes ago, it’s stated you’ve had too many attempts, please try again after 15 minutes. With the phone call I had with BT the other day too, I clarified as to whether you’re allowed 3 attempts to login to your email, which they said, “Yes”. But it was only one attempt I did two minutes to log into my email account, and it chucked the, “Please try after 15 minutes”, so it’s plain to see some plank is trying to get into my emails. How do I stop this altogether?????
I’ve noticed in the past 2 weeks someone has been trying to get onto my Gmail acct. Every few minutes someone tries to get in it and each time the phone tells me that the login in is unsuccessful. Should I be concerned? What can I do to prevent them from getting in? I already have a long password which is why they’re not sucessful in getting in. Please advise as I’m afraid the will eventually get in and steal my personal information, thank you.
You could set up an extra level of security with two factor authentication. More in this article: https://askleo.com/two-factor-authentication-keeps-the-hackers-out/
You could add two-factor authentication to the account. But having a strong password is your first, best defense.
I just checked one of my Outlook.com accounts, out of curiosity. Zero unlawful attempts. Only my Microsoft Outlook program regularly retrieving email by POP.
Microsoft’s security pages seem rather well designed.
Is it true, as they say, that in order to use a FIDO2 hardware key to authenticate into your account, you need to use Windows 10 and Edge ? This looks to me as a way to reduce users’ security, not enhance it…
Do you know of a way to geoblock those sign-in requests?
Geoblocking will depend on the security settings of the specific service. One service that does support this is LastPass. I use this to lock down access to LastPass to only from my current country. The only problem is that if you travel you need to remember to open up access from the countries that you will be visiting, or have a VPN service to take you back to your home country.
Every time I log into account activity, I see loads of regular activity that I easily Identify as my own. Then I see one or two unsuccessful attempts from places like India or the Ukraine. But once I’ve fully expanded all the activity it jumps to like 10-15 attempts from other countries places like Indonesia, Russia, Thailand and quite a few others. A few have attempted to hide their IP using a VPN. It always tells me “don’t worry, this was an unsuccessful attempt”. Which makes me worry even more, because the activity doesn’t fall off even after I said it wasn’t me. I get that Identity thieves are always trying to steal from people, but I feel that Microsoft could and should put some more effort into their own security. Also newsflash to anyone thinking an authenticator will fully protect you, if you get a keylogger on your computer or phone, it can render them effectively useless after a few uses.
Microsoft and other account providers are doing a good job. As long as you have a good password and preferably two factor authorization you should be safe. It’s not possible to prevent people from trying to get in, but good security practices make it impossible for them to succeed.
I have been hacked on my windows live email account and when I look at the recent activity there is loads of failed attempts from several country IPs but I know for a fact that they got into my email, now the problem is that I want to change my password in Live (It is already 2 factor auth.) but when I change it it says that it can’t be done at this time because there has been too many failed logins recorded and to try at a later time. Is there a way to change my password quicker? TIA -Sean
Not that I’m aware of.
My problem is that my backup email is getting security codes multiple times to reset the password. Worrying part is that the Microsoft account doesn’t show the full backup email. So someone find out that backup email address and is trying to reset my password..
Hello, I found your article by searching some information about securing my accounts. Beginning of this year I decided to go a step forward, use 2FA and so on. I see also lot of failing attempts for my e-mail account that I use daily, but none of them was successful.
I think it began when one of my friends was indeed hacked, they got his contact list and I’m in it too :) So now, my e-mail is under attack. And using 2FA can be disturbing… Yesterday for example I received a notification in Microsoft Authenticator that someone tries to connect from another country.
But I had a strange behavior these days. One of my accounts that I also secured was locked. I changed the password the day before and it’s pretty complex. This e-mail was never given to anybody, just for example the bank or my company. And I don’t register on websites with it. But I received an alert of suspicious activity… Saying that someone has the password. Now, the fun fact is that I unlocked the account (using my phone as a proof) and went to the activity log. And here, no suspicious activity, only my successful login from my own IP. How that’s possible? Does the activity log is not showing everything?
Maybe the only thing that I remember, as I changed the password, is that Windows Mail on my PC complained about it two hours before the alert, and I had to approve using Microsoft Authenticator. I don’t get it. Even if someone got my password, since I activated 2FA I had to get a notification right? I scanned my PC for malware, nothing. I am thinking this may be a false positive because there is absolutely nothing suspicious in activity log.
What do you think?
Not sure what to say. I would continue to keep an eye on things, and good on you for using 2FA.
I have NO Card or money attached to any account any where. Yet my Microsoft account has been tried to be hacked over and over. What is it these hackers are wanting? Poor people have never had money. Why are they convinced my name is a rich person name? I only know this cause another time of being hacked this was a reason I was given.
Hackers have no idea of their victims’ financial status until they’ve hacked the account. They use a machine gun approach and go after as many people as they can.
Message came up on messaging from Amazon and I believe it’s probably a scam. (АМАZON•АLЕRТ) Your account has been placed on hold due to too many unsuccessful sign in attempts. To resolve, see [link removed] didn’t click on that cuz I know it’s probably a scam and if you clicked on it your personal info would be stolen.
That’s a common kind of phishing attack, sending out a message that you need to log in to recover your account. That would send you to a fake login page where you would enter your login credentials, (username and password) and they would have access to your account. In addition to being vigilant, two-factor authentication would keep them out even if they got your credentials.
I removed the link because it would send people to the phishing page.
The website obviously wasn’t an Amazon website even though it had Amazon as part of the email address.