Follow these tips to help keep your Microsoft account safer and make it easier to recover if it's compromised.
If you think your account has already been hacked, learn how to get back into your Microsoft account if it's been compromised then follow these tips to strengthen your account against future attacks.
Create a strong password for your account
It's especially important to have a strong password if you use a Microsoft email address (like Outlook.com or Hotmail). This is because many services now use your email address to check your identity. If someone gets access to your Microsoft account, they may be able to use your email to reset the passwords for your other accounts, like banking and online shopping.
You can change your password on the Security basics page at any time.
|Do make the new password significantly different from previous passwords.||Don't use the same password for different accounts.|
|Do use a sentence or phrase converted into a string of initials, numbers, and symbols.||Don't use a single word for your password like "password," "monkey," or "sunshine."|
|Do make your password hard to guess even if someone knows a lot about you (avoid names and birthdays of your family or your favorite band).||Don't use common passwords like "password," "iloveyou," or "12345678."|
Make your account easier to recover
Add security info to your account to make it easier to recover your account if it’s hacked. Because this info can help keep your account safe, it's important to keep it up to date. Add or update your security info on the Security basics page. Or, learn more about Security info & security codes and get steps to help protect your account today.
Download the Microsoft Authenticator app
Make sure your operating system has the latest updates
Most operating systems have free software updates to enhance security and performance. Because updates help keep your PC safer, we strongly recommend that you set up your PC to get these updates automatically. You can set up your PC to get the latest updates automatically for Windows 10.
Never reply to email asking for your password
Microsoft will never ask for your password in email, so never reply to any email asking for any personal information, even if it claims to be from Outlook.com or Microsoft. If you're not sure the email is from Microsoft, check out How to recognize phishing email messages, links, or phone calls. It has tips to help you determine if an email is from a legitimate source.
Read about Outlook security for more information on email safety.
Check your recent activity
If you receive an email notifying you of unusual activity, you can see when and where your account has been accessed—including successful sign-ins and security challenges—on the Recent activity page. Microsoft learns how you usually sign in to your account and flags events that are suspicious.
Turn on two-step verification
If you need an extra layer of protection, two-step verification can help protect your account by asking for two forms of identification when you sign in. This makes it more difficult for a hacker to sign in as you, even if they've got your password. Any time you sign in from a device that isn’t trusted, you'll be prompted to enter a security code. Read about two-step verification for more info.
Manage your trusted devices
If you lose or give away a device that you use to sign in to your Microsoft account, or if you know that someone else has access to your devices for whatever reason, be proactive and remove the trusted status from your devices. To remove trusted devices, go to the Security basics page, select more security options, then scroll downto and select Remove all the trusted devices associated with my account. For more information, see the trusted devices FAQ.