upvote

points

by faidit13 hours ago |
comments
upvoteby azthecx9 hours ago|
next
[-]
You can disable the email you use publicly as a login email.

I would recommend you look at some other guides before you do this but the gist is My Account > Your Account > Manage Account Information. Then you can add a new email that you do not share as your primary login email, and disable login from the email you use to send emails.

reply
upvoteby Spare_account7 hours ago|
parent|
[-]
I have about a dozen email aliases associated with my Microsoft account. On the "Your info" page, under "Account info", one of them is described as "The email address you use to sign in to your Microsoft Account".

However, I can use any of them to initiate a login attempt. I have my account set to passwordless, I don't know if that is relevant (every login attempt triggers an MFA prompt).

If I click on "Edit account info" I am taken to a page where I can choose which address in the "Primary", but given that ANY of the aliases can be used to intiate a sign-in, I don't see any benefit in changing that.

EDIT: I wasn't being adventurous enough. The option to change which aliases can be used to sign in is under (surprisingly) "Sign-in preferences".

In my defence, that page wasn't loading properly in Firefox with all my privacy add-ons enabled. I was able to access it in Edge.

EDIT2: I've changed my primary alias to a newly created one. If I am still able to sign in OK in a couple of days, I will disable the old primary for sign-in. I hope I don't live to regret this!

reply
upvoteby codebolt11 hours ago|
prev|
next
[-]
The correct thing to do in this scenario is to create a new random login alias on your Microsoft account, make it the primary login alias, and disable login for the all other e-mails tied to the account.
reply
upvoteby sheiyei12 hours ago|
prev|
next
[-]
I think the best defense against this is to delete the Microsoft account and enjoy a better life. (Unless, of course, you need it for Minecraft.)
reply
upvoteby hyperman110 hours ago|
prev|
next
[-]
Re Onedrive, as someone who left windows ages ago: Why not just create folders outside your user home? Create some junctions from the inside. Then onedrive gets to sync only your desktop wallpaper and any random stuf apps drop in there, and your real data is safe outside its reach.
reply
upvoteby aryan1413 hours ago|
prev|
[-]
You can view the recent activity on your Microsoft account @ account(dot)live(dot)com/Activity

Would show any logins or security info updates etc

reply
upvoteby Ueland13 hours ago|
parent|
[-]
Those login attempts which trigger 2fa app does not generate a log entry if unsuccessful. Only attempts with username/password does. For some strange reason.

So there is no way to flag them as malicious and if you accidentally accept, then it’s already too late.

Pretty annoying setup.

reply
upvoteby kenjackson4 hours ago|
parent|
[-]
I have the same issue. It’s absolutely stressful. Id also love some way to mark them as malicious.
reply