Outlook | Web | Outlook.com | Account management, security, and privacy
Managing personal Outlook.com account settings, security, and privacy
My apologies for the delay in response.
Let's hope for the best!
Best regards,
Darhyl
Login issues (bot/hacker security issues?)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 72%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
HPN
0
Reputation points
Several times during the last couple of months I've been told that "You've tried logging in too many times" when trying to log on to my Outlook/Hotmail-account. Although I haven't even tried once. The message often displays the very first time I try, and so I suspect some bot or hacker is trying to login to my account. This is very annoying since I'm not able to read my e-mail this way, sometimes in days. Is this a known issue a lot of people experience and something Microsoft is working on, or is it just happening to me? Hopefully someone at Microsoft can check what's going on by going through some logs or something?
I use username/password like I always have (no biometrics which I don't want to use).
Outlook | Web | Outlook.com | Account management, security, and privacy
-
HPN 0 Reputation points
2026-04-27T19:07:39.5866667+00:00 Also.. if this is the wrong place to get help: I tried calling Microsoft Support, but was unable to get through the AI to talk to a human being. How can I contact Support to talk to a real person in any way? E-mail, phone, online-form or whatever.
Sign in to comment
3 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 39%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
Darhyl Amizola 41,900 Reputation points Independent Advisor2026-04-30T14:23:00.75+00:00 -
Darhyl Amizola 41,900 Reputation points Independent Advisor
2026-04-27T19:42:32.8466667+00:00 Hey there! Nice to meet you!
Unfortunately, this may have been a security bug on Microsoft's end. Currently, there is a service alert on the server regarding the same sign‑in issues: https://status.cloud.microsoft/m365/referrer=serviceStatusRedirect
Kindly try the Microsoft Sign‑in Helper troubleshooter in case this works: https://support.microsoft.com/account-billing/microsoft-account-sign-in-helper-7117cc8d-0d68-4658-b4fb-c4b7ee8a8e28
If the issue persists, I'm afraid your only option is to wait for Microsoft to fix this, and please check the server status from time to time.
Thank you for your understanding.
Best regards,
Darhyl
-
HPN 0 Reputation points
2026-04-29T11:58:23.5733333+00:00 Thanks for the info Darhyl. I've tried the sign-in helper a few times and it doesn't help. I've went through the verification via SMS a few times which have helped, but this doesn't always seem to be an option. Guess I'll just have to wait for Microsoft to fix it then.
Sign in to comment -
-
AI answer
2026-04-27T19:03:51.01+00:00 The behavior described matches Microsoft's security protections and is not unique to a single account.
Key points based on the described symptoms:
- Why the "too many attempts" message appears
- Microsoft systems detect unusual or repeated sign-in attempts and may temporarily block further attempts to protect the account from possible attacks or credential guessing.
- This can trigger even if the legitimate user has not tried to sign in recently, for example when:
- A bot or attacker is repeatedly trying passwords against the account.
- An app or device is silently retrying with an old or incorrect password.
- For work/school accounts, Microsoft Entra multifactor authentication explicitly “detects unusual activity like repeated sign-in attempts, and may prevent additional attempts to counter security threats.” The same protection concept applies to consumer Outlook.com/Microsoft accounts.
- What to do when locked out after “too many attempts”
- Wait out the lockout period before trying again. Guidance for similar scenarios is to stop attempting sign-in and try again later (often after 24 hours) to allow the protection window to expire.
- If the account is actually blocked due to suspicious activity, Outlook.com may place a temporary block on the mailbox. In that case, use the official unblock flow:
- Go to the Outlook.com “Unblock my Outlook.com account” page and use the Sign-in Helper to unblock the account by entering a security code or changing the password.
- If unblocking fails or codes cannot be received, follow the “When you can't sign in to your Microsoft account” path from that same article to reset the password and, if needed, contact support.
- How to confirm whether someone is trying to access the account
- For Microsoft accounts, review recent sign-in activity:
- Use the Recent activity or My Sign-ins views to see successful and unsuccessful sign-ins, including location, device, and whether additional verification failed.
- If unfamiliar successful sign-ins are found, immediately change the password and update security info.
- If unfamiliar unsuccessful sign-ins appear, it may indicate someone is trying to guess the password; enabling two-step verification is recommended so a password alone is not enough.
- For Microsoft accounts, review recent sign-in activity:
- How Microsoft handles unusual sign-ins
- When unusual sign-in activity is detected (new device, new location, or suspicious pattern), Microsoft:
- Sends alerts to alternate contact methods (email/SMS) configured on the account.
- May require a security code from one of those contacts before allowing sign-in.
- May temporarily block the account (especially Outlook.com) to protect against fraud or abuse.
- When unusual sign-in activity is detected (new device, new location, or suspicious pattern), Microsoft:
- Recommended hardening steps
- Even if biometrics are not used, security can be improved without changing that preference:
- Ensure alternate email and phone number on the Security basics page are up to date so alerts and verification codes can be received.
- Enable two-step verification / multifactor authentication where available, so that even if a bot guesses the password, it cannot complete sign-in.
- After any suspicious activity, change the password to a strong, unique one and review security info for unknown methods.
- Even if biometrics are not used, security can be improved without changing that preference:
If the lockouts continue even after waiting the recommended time and securing the account, use the unblock and account-recovery flows referenced below and, if still unsuccessful, follow the “When you can't sign in” guidance to reach support.
References:
- Common problems with two-step verification for a work or school account
- What happens if there's an unusual sign-in to your account
- View your work or school account sign-in activity from My Sign-ins
- Unblock my Outlook.com account
AI-generated content may be incorrect. Read our transparency notes for more information. - Why the "too many attempts" message appears