According to Microsoft, there have been many inquiries recently about Microsoft accounts being hacked.
Since June 2024, many users have checked "Security" > "Sign-in activity" in their Microsoft account and found a history of sign-in attempts by someone other than themselves.
I also confirmed this with my Microsoft account.
Most of the third parties attempting to sign in are from overseas IP addresses.
Recently, KADOKAWA was hit by a large-scale cyber attack around the same time, and there are rumors that this may be related.
Malicious actors will attack individuals and businesses alike, so strengthen your account security now before your account is compromised.
How to prevent your Microsoft account from being hijacked
1. Make your password complex
Microsoft also recommends that your password be long and contain a combination of uppercase and lowercase letters, numbers, and symbols.
Symbols that can be used in passwords:
'-!"#$%&()*,./:;?@[]^_`{|}~+<=>
A complex password makes it harder for someone to guess and helps prevent your Microsoft account from being hijacked.
Create a strong password
Password security starts with creating a strong password. A strong password:
Microsoft
- It's long, 12 characters or more, but 14 characters or more is more useful.
- A combination of uppercase and lowercase letters, numbers, and symbols.
- It is not a word you would find in a dictionary or in the name of a person, character, product, or organization.
- It's significantly different from your previous password.
- It's easy to remember, but hard for others to guess. Consider using a memorable phrase like "6MonkeysRLooking^".
However, no matter how complex your password is, be sure to use a separate password for each email address (account).
For example, we do not recommend using the same password for multiple email addresses (accounts).
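As an added example (not part of the original article and not Microsoft's code), the criteria quoted above can be turned into a small checker. The symbol set is the one listed above; the function name `check_password`, the sample word list and the 0.7 similarity cut-off are assumptions made for illustration.

```python
import difflib
import string

# Symbols this page lists as usable in a Microsoft account password.
ALLOWED_SYMBOLS = set("'-!\"#$%&()*,./:;?@[]^_`{|}~+<=>")
# Constructed stand-in for a real dictionary or breached-password list.
SAMPLE_WORDLIST = {"password", "microsoft", "welcome", "kadokawa"}
# Assumed cut-off for "significantly different"; not a Microsoft value.
SIMILARITY_LIMIT = 0.7


def check_password(candidate, previous=None, wordlist=SAMPLE_WORDLIST):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    allowed = set(string.ascii_letters + string.digits) | ALLOWED_SYMBOLS
    outside = sorted(set(candidate) - allowed)
    if outside:
        findings.append("characters outside the listed set: " + repr("".join(outside)))
    if len(candidate) < 12:
        findings.append("shorter than 12 characters")
    elif len(candidate) < 14:
        findings.append("meets the 12-character minimum; 14 or more is better")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": ALLOWED_SYMBOLS,
    }
    for name, members in classes.items():
        if not any(ch in members for ch in candidate):
            findings.append("no " + name)
    # Heuristic: strip digits and symbols, then look the remaining letters up,
    # so "Password2024!" is still recognised as the word "password".
    core = "".join(ch for ch in candidate.lower() if ch.isalpha())
    if core in wordlist:
        findings.append("dictionary word or name with decoration: " + core)
    if previous is not None:
        ratio = difflib.SequenceMatcher(None, candidate.lower(), previous.lower()).ratio()
        if ratio >= SIMILARITY_LIMIT:
            findings.append("too similar to the previous password (%.2f)" % ratio)
    return findings


if __name__ == "__main__":
    for pw, old in [("6MonkeysRLooking^", None), ("Password2024!", None),
                    ("7MonkeysRLooking^", "6MonkeysRLooking^")]:
        print(pw, "->", check_password(pw, old) or "OK")
```

The check does not cover password reuse across accounts, which a password manager handles better than any per-password test.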
2. Applying patches (Keep your PC up to date)
There are always vulnerabilities in the Windows OS, and malicious actors will find and exploit these vulnerabilities to launch attacks.
Microsoft regularly releases patches to address security vulnerabilities, so we recommend applying patches as soon as they are released to keep your PC up to date.
For example, if you do not run Windows Update for a long period of time, or are using an OS that is no longer supported, you are at a higher risk of being infected with malware (viruses), and in some cases, data stored on your PC may be leaked.
3. Enable two-step authentication
When you sign in to your Microsoft account, you usually sign in with your email address and password, but you can enhance the security of your account by enabling two-step verification.
Here we will introduce Microsoft Authenticator, which is easy to set up.
*A smartphone is required.
Benefits of Microsoft Authenticator
With Microsoft Authenticator, your phone, which only you have access to, becomes the key to signing in to your Microsoft account.
It's also convenient because it saves you the trouble of having to enter a password.
By using Microsoft Authenticator as a key, third parties will not be able to sign in using your email address and password, so even if your password is guessed, it will prevent your Microsoft account from being hijacked.
Setting up Microsoft Authenticator
*Since my smartphone is Android, I installed Microsoft Authenticator from Google Play.
Google Play
https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=ja
Click here for iOS
https://apps.apple.com/jp/app/microsoft-authenticator/id983156458?l=ja&culture=ja-jp&country=jp
Once you have installed Microsoft Authenticator, open it.
1. Tap "Add Account."
2. Choose one of the following:
- Personal account
- Work or school account
- Other accounts (Google, Facebook, etc.)
*Here we will explain using the "personal account" method.
3. Tap "Sign in with Microsoft account."
4. Tap "Add Account."
5. Enter your Microsoft account email address and password to sign in.
*You may be asked for a security code to verify your identity. Please receive the code via SMS or email address and enter it.
6. "Allow autofill with Authenticator" will be displayed, so tap "Skip" here.
7. When you see the message "Added successfully," tap "Done."
Now that you have completed the setup of Microsoft Authenticator, proceed to set up your Microsoft account.
Microsoft account settings
1. On your PC, open the Microsoft account page and sign in.
2. Click "Security" on the left.
3. Click "Two-Step Verification" in the top right corner.
4. Scroll down to "Additional Security" and click "Enable" under "Two-Step Verification."
5. The Windows Security screen may appear. Enter the PIN you used to sign in to your PC and click OK.
6. "Set up two-step verification" will be displayed, so click "Next".
*You may be returned to the page in step 4. If this happens, start again from step 4 and the Windows Security screen will no longer appear.
7. You will then be issued with a recovery code for your account. Please print or write down the page and keep it safe.
8. Once you have finished printing or taking notes, click "Next."
9. The "Setting an app password for your smartphone" screen will appear, so click "Next."
10. You will see a message that says "You have other apps and devices that require an app password," so click "Done."
Now that two-step verification is enabled, try signing out of your Microsoft account and signing in again.
Sign in to your Microsoft account
1. When you sign in to your Microsoft account, you will see the message "Verify your Authenticator app" and a number will appear in the red box in the image below.
2. Open Microsoft Authenticator.
"New Microsoft account sign-in request" will be displayed, and three numbers will be displayed. Tap the number that matches the one shown on the sign-in screen, then tap "Approve" to sign in to your Microsoft account.









