this post was submitted on 17 Jan 2025
36 points (97.4% liked)

Privacy

33009 readers
1099 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I still use my first ever made email address, at this point it's pushing 28 years old. However I have a major problem. I can rarely log into it anymore. There are so many attempts to login to the account daily from whoever out there that wants to gain access that the login is normally locked out for a period of time. At this point I've moved everything of financial value off of it as someone did get access once, but there are still plenty of random little things I'd like to hang on to it for.

I know I can just make a new one and ditch that one as a quick solution, but I figured i'd ask a wider community if they had any insights I might not have. It's a Microsoft account, and my windows is tied to it, but I'm pretty sure I can just migrate that to something new.

top 22 comments
sorted by: hot top controversial new old
[–] Vinny_93@lemmy.world 20 points 1 week ago

Yeah so I had this as well. Every day or so I'd get locked out, had to do the sms unlock thing which sometimes wouldn't work.

What I did is I added an alias to the account, made it the primary and removed login priviliges from the 'old' one.

For all the things you still use the address, it'll be fine. It's just MS based logins that's you'd have to change.

[–] Trincapinones@lemmy.dbzer0.com 17 points 1 week ago (2 children)
[–] Coskii@lemmy.blahaj.zone 5 points 1 week ago

Fairly sure Gmail wasn't around 28 years ago.

[–] Rozz@lemmy.sdf.org 2 points 1 week ago
[–] Kit@lemmy.blahaj.zone 12 points 1 week ago* (last edited 1 week ago)

AFAIK consumer MS accounts don't allow you to lock down access to a single IP. Adding MFA may help. If that doesn't work, contact MS support and see if they can add a geolock to the account to only allow auth attempts from your country.

MS may also be able to change the email address then add your old one as an alias.

[–] FooBarrington@lemmy.world 6 points 1 week ago (1 children)

Do you log into your account using a web interface? I'd guess IMAP/SMTP isn't limited by login attempts, only web logins. You could set up an email client on your devices and use it through that instead.

No matter what, I'd advise you to use a strong password, just to be safe.

[–] Coskii@lemmy.blahaj.zone 3 points 1 week ago (2 children)

I rotate my password every 6 months at this point. It's about as secure as a human who wants to remember a password could be. It's 20+ characters with all the various password needed inclusions.

And yeah, I can access it through an external application without issue. But if I ever want to change settings or make new email rules it becomes an issue.

[–] communism@lemmy.ml 2 points 1 week ago

You can use a password manager so you don't have to remember it. And enable 2FA, shouldn't really be possible for some rando to get into it, only well-resourced and organised attackers.

[–] FooBarrington@lemmy.world -3 points 1 week ago

Then your best bet is switching to a new email.

[–] Ulrich@feddit.org 4 points 1 week ago

but there are still plenty of random little things I'd like to hang on to it for.

Changing email addresses is a nightmare, I know. A lot of companies are not event technologically equipped to handle it because, as far as they're concerned, your email address IS your account, and account numbers are not a thing. But you need to bite the bullet and get it done. That sounds like a huge security vulnerability.

It's a Microsoft account, and my windows is tied to it

"tied to it" how? Use a local account. No Microsoft necessary. Alternatively, stop using Windows 😀

[–] furrowsofar@beehaw.org 3 points 1 week ago

Can you just forward the email? Basically use it as a mail drop.

[–] INeedMana@lemmy.world 3 points 1 week ago (1 children)

I think the best approach would be to contact Microsoft customer support

[–] ReverendIrreverence@lemmy.ml 1 points 1 week ago

Good luck with that. You'll get gray hair before you talk to a real person who actually can help you

[–] Templa@beehaw.org 3 points 1 week ago* (last edited 1 week ago)

This brings me memories from when I had my @hellokitty.com email.

Have you already tried adding an authenticator / passkeys, OP? Those are the only thing I can think of.

[–] ChojinDSL@discuss.tchncs.de 2 points 1 week ago

Which email provider is the account with?

[–] lemmyreader@lemmy.ml 1 points 1 week ago (1 children)

Why not let that email get forwarded to another email account of yours ?

[–] Coskii@lemmy.blahaj.zone 2 points 1 week ago

That is/was the plan, I was just wondering what insights people who actually know about privacy stuff would have overall. And I have been educated nicely thanks to a bunch of the folks on here.

[–] Wolfie@lemm.ee 1 points 1 week ago

I have an old email from when I was like 7 and signed up on a range of different gaming websites.

Now however, I use proton mail. They even own SimpleLogin, so all I do it generate hundreds of email aliases. No website know my actual email address and each mail received to these aliases, are forwarded to my actual proton mail account. Using Keepass or another password manager of choice, is a wise idea so you don't have to remember all these accounts. Simple! Both secure, and private as it would be difficult to identify each account to an identity

[–] fluckx@lemmy.world 1 points 1 week ago (1 children)

Yeah I have an old email as well. I rarely log into it, but when I did I saw there are daily attempts from China and whatnot trying to log into it.

Not in the situation where the account is locked out though. I always wondered if you couldn't reach out to m$ and ask for a geo block at the least.

[–] HubertManne@moist.catsweat.com 0 points 1 week ago (1 children)

It would be great to have like a controllable firewall setting so you could like lock out anything from your state but if you are going on vacation then before you go you can open up another state or country or such.

[–] fluckx@lemmy.world 1 points 1 week ago (1 children)

I mean. For the majority geo blocking off anything except their main region would be fine ( whitelisting Europe for Europeans will be fine for the most part ). Especially if you make it opt-in rather than opt-out.

Though I assume they would likely just continue their hack attempts over VPNs.

yeah at least it would make it a bit more work and honestly its often about not being the low hanging fruit. Im a home body so I would not mind bringing it a bit more local. Figure it would add to their vpn headaches as going to the region would not be enough.