No one wants to become compromised by hackers or malware. Use these tips to help you protect your accounts and devices.
Protect your accounts
It's important that you protect your accounts whether it's a personal account such as a Microsoft account, or a work or school account someone in your organization created for you.
Take precautions with sensitive info
Don't send emails that include sensitive information such as passwords, credit card numbers, passport numbers, or other government issued identification such as a social security number or other tax related identification.
If you absolutely must send sensitive info via email, use email encryption to help protect it.
For more information see Encryption in Outlook.
Is that message real?
Watch out for phishing attacks which try to trick you into providing sensitive information, or clicking a malicious link or attachment.
Phishing uses messages that pretend to be from a legitimate source such as a bank or an organization you trust. The message invites you to sign in with your email address and password, but it's actually a fake website. Or they may look like emails from someone you know which ask you to click a link or open an attachment.
If you click the link in the message or open the attachment, your computer can become infected or an attacker can gain access to your device or your data.
If you receive an email that looks even slightly suspicious, do the following:
Look carefully at the sender's email address. If the message claims to be from your bank, but was actually sent from a domain other than the bank's official domain it's probably fake.
Hover over the link and look for the name of the actual website the link is sending you to. Make sure it's what you expect and not misspelled.
Go to the legitimate website using your own saved favorite or bookmark, or from an internet search, instead of clicking a link in the message.
If you receive a message from someone you know, but it looks a bit unusual, it could mean the sender's email account and contact list was compromised. Contact the sender directly, describe the mail you just received and ask if it was legitimate.
Use two-step verification
Two-step verification -- also called two-step authentication (2FA) or multifactor authentication (MFA) -- is an extra layer of security to help ensure that only you are accessing your account.
When you set this up, any time you sign in to your account from an unrecognized device, app, or service for the first time, you're prompted to verify that it's okay. The verification message can be sent via an authentication app such as the free Microsoft Authenticator app on your smartphone, a text message, an email sent to an alternate address, or a phone call which requires you to enter a pin.
If your work or school accounts are using Microsoft 365, your Microsoft 365 admin or IT department should have enabled this for all accounts in the organization and you'll be prompted to take this extra step.
For a personal Microsoft account, you can set this up yourself and choose your preferred verification method such as the Microsoft Authenticator app, a text message, or an alternate email account.
For more information see What is: Multifactor Authentication.
Learn about password safety...or better yet, go passwordless
Go passwordless and use strong multifactor authentication like the Microsoft Authenticator app, Windows Hello, or a hardware security key to avoid compromised user accounts. If you're using a more secure login method instead of a password to sign into your Microsoft account you can remove the password entirely. Crooks can't steal a password you don't have!
If you must use a password, make sure it's strong and unique. Don't use the same password for multiple accounts and avoid using English words. Strong passwords include at least 14 characters, a combination of upper and lowercase letters, at least one number from 0-9, and a symbol.
Tip: Microsoft Edge can help you generate and remember secure and unique passwords. See Use Password Generator to create secure passwords for more information.
Protect your phone or tablet
Only run and install apps from a legitimate source such as the official app store for your device.
If you're using Microsoft 365, use Microsoft apps such as Outlook or Office Mobile to check email or edit Office files. They work better with Microsoft 365 and are more secure.
Keep your devices, and any software or mobile apps you're using up-to-date. Many of the updates you receive are security fixes so be sure to install operating system updates, and any software or app updates.
Enable the lock feature on your phone or table that requires you to unlock the device with a PIN, fingerprint, or facial recognition.
Protect a computer running Windows or macOS
The following are specific things you can do if your computer is running a modern version of Windows or macOS.
Make sure BitLocker Drive Encryption is on
BitLocker Drive Encryption provides full disk encryption on Windows PCs to protect data when devices are lost or stolen. If an unauthorized user gets the PC they can’t access files on the protected drives, including files synced from OneDrive. On supported versions of Windows 10 or 11 BitLocker turns on automatically the first time you sign in with a Microsoft account.
For more information see: Turn on BitLocker device protection
Protect your PC with Microsoft Defender Antivirus
When you start Windows for the first time, Microsoft Defender Antivirus is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and other threats. Microsoft Defender uses real-time protection to scan everything you download or run on your PC.
Windows Update downloads updates for Microsoft Defender automatically to keep it up to date and Cloud-delivered protection can help stop new threats quickly.
Confirm that Tamper Protection is turned on
Starting with Windows 10 we introduced Tamper Protection, which prevents unauthorized apps or users from changing your security settings. Often malware will try to turn off your security software in order to evade detection. Tamper Protection prevents the malware from being able to turn it off.
Use FileVault to encrypt your Mac disk
Disk encryption protects data when devices are lost or stolen. FileVault full-disk encryption helps prevent unauthorized access to the information on your startup disk
Protect your Mac from malware
Microsoft recommends you install and use reliable antivirus software on your Mac.
You can also reduce the risk of malware by using software only from reliable sources. The settings in Security & Privacy preferences allow you to specify the sources of software installed on your Mac.
Turn on firewall protection
Use firewall settings to protect your Mac from unwanted contact initiated by other computers when you’re connected to the Internet or a network. Without this protection your Mac might be more vulnerable to unauthorized access.
Be safer online
Here are a few tips for being safer when you're on the web.
A browser allows for private mode
All the common browsers offer a private browsing mode that offer a little more privacy. For example, on Chrome it's called an Incognito Window, and on Microsoft Edge, it's an InPrivate window. Your browsing history, temporary files, and cookies in the private mode window aren't saved when you close the private mode window. However, it doesn't hide your browsing traffic from any network your traffic passes through, such as your school, employer, or internet service provider (ISP).
Keep your browser updated
Your web browser may be the app you spend the most time in and it's the app that can be the most vulnerable to attack. The major browser vendors usually do a good job of patching vulnerabilities and making sure the browser is as secure as possible, but that depends on you allowing the browser to install the latest patches.
Tip: Don't worry about losing your open tabs when an update installs. All of the major browsers will automatically reopen your existing tabs after installing updates and restarting.
Block those pop-ups
Pop-ups are typically small ads that appear over websites without your permission. These pop-ups can contain links to malicious software that could be downloaded to your computer. On modern browsers the pop-up blocker is enabled by default. We recommend leaving it on; or turning it back on if it's been turned off.