Please help me secure an ancient email address.
Please help me secure an ancient email address.
I still use my first ever made email address, at this point it's pushing 28 years old. However I have a major problem. I can rarely log into it anymore. There are so many attempts to login to the account daily from whoever out there that wants to gain access that the login is normally locked out for a period of time. At this point I've moved everything of financial value off of it as someone did get access once, but there are still plenty of random little things I'd like to hang on to it for.
I know I can just make a new one and ditch that one as a quick solution, but I figured i'd ask a wider community if they had any insights I might not have. It's a Microsoft account, and my windows is tied to it, but I'm pretty sure I can just migrate that to something new.
Oh, so you are Bob@gmail.com, I'm sorry
Fairly sure Gmail wasn't around 28 years ago.
Hotmail
Yeah so I had this as well. Every day or so I'd get locked out, had to do the sms unlock thing which sometimes wouldn't work.
What I did is I added an alias to the account, made it the primary and removed login priviliges from the 'old' one.
For all the things you still use the address, it'll be fine. It's just MS based logins that's you'd have to change.
but there are still plenty of random little things I'd like to hang on to it for.
Changing email addresses is a nightmare, I know. A lot of companies are not event technologically equipped to handle it because, as far as they're concerned, your email address IS your account, and account numbers are not a thing. But you need to bite the bullet and get it done. That sounds like a huge security vulnerability.
It's a Microsoft account, and my windows is tied to it
"tied to it" how? Use a local account. No Microsoft necessary. Alternatively, stop using Windows 😀
AFAIK consumer MS accounts don't allow you to lock down access to a single IP. Adding MFA may help. If that doesn't work, contact MS support and see if they can add a geolock to the account to only allow auth attempts from your country.
MS may also be able to change the email address then add your old one as an alias.
Do you log into your account using a web interface? I'd guess IMAP/SMTP isn't limited by login attempts, only web logins. You could set up an email client on your devices and use it through that instead.
No matter what, I'd advise you to use a strong password, just to be safe.
I rotate my password every 6 months at this point. It's about as secure as a human who wants to remember a password could be. It's 20+ characters with all the various password needed inclusions.
And yeah, I can access it through an external application without issue. But if I ever want to change settings or make new email rules it becomes an issue.
You can use a password manager so you don't have to remember it. And enable 2FA, shouldn't really be possible for some rando to get into it, only well-resourced and organised attackers.
Then your best bet is switching to a new email.
This brings me memories from when I had my @hellokitty.com email.
Have you already tried adding an authenticator / passkeys, OP? Those are the only thing I can think of.
Why not let that email get forwarded to another email account of yours ?
That is/was the plan, I was just wondering what insights people who actually know about privacy stuff would have overall. And I have been educated nicely thanks to a bunch of the folks on here.
I think the best approach would be to contact Microsoft customer support
Good luck with that. You'll get gray hair before you talk to a real person who actually can help you
Can you just forward the email? Basically use it as a mail drop.
I have an old email from when I was like 7 and signed up on a range of different gaming websites.
Now however, I use proton mail. They even own SimpleLogin, so all I do it generate hundreds of email aliases. No website know my actual email address and each mail received to these aliases, are forwarded to my actual proton mail account. Using Keepass or another password manager of choice, is a wise idea so you don't have to remember all these accounts. Simple! Both secure, and private as it would be difficult to identify each account to an identity
Which email provider is the account with?
Yeah I have an old email as well. I rarely log into it, but when I did I saw there are daily attempts from China and whatnot trying to log into it.
Not in the situation where the account is locked out though. I always wondered if you couldn't reach out to m$ and ask for a geo block at the least.
It would be great to have like a controllable firewall setting so you could like lock out anything from your state but if you are going on vacation then before you go you can open up another state or country or such.
Use a password manager and generate a really strong password, something like 40 characters, that will help with someone actually getting in.
The locked account is weird, it's usually tied to an IP address or something, can't help there.