Share via

Account locked - too many incorrect passwords, which is true

Anonymous
2024-01-20T13:47:04+00:00

I tried to sign in today only to find that my account was locked because of too many incorrect passwords. I had to reset the password using two separate authentication methods.

Once I was in, I looked at the history and discovered that random IPs around the world are attempting to sign in every 10 minutes around the clock (130 in the last 24 hours). So yes, lots of incorrect passwords! I am concerned about this, but I suppose it's not uncommon. Once someone has your email address, they can guess your password as often as they want.

So there is nothing I can do to stop this, and there is nothing MS can do to stop it, so my questions...

  • How often will my account get locked? I.e. how many incorrect attempts are needed?
  • Assuming it's not that many, am I going to have to go through this convoluted process every time I sign in? And today I had access to the other authentication methods, but that won't always be the case.
  • Can this locking be disabled? In my case, I don't think it adds any value. My passwords is 20 random letters (upper and lowercase), symbols and numbers, so I don't see much point changing it. It's not guessable. And even if it was, there's still the 2FA.

Thanks.

Outlook | Web | Outlook.com | Account management, security, and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments
Answer accepted by question author
  1. Anonymous
    2024-01-20T15:30:48+00:00

    Hi there AJP_850, I am Lumie and I would love to assist you today.

    I am so sorry you are having issues getting into your account.

    I hope I can answer your questions!

    1. The max attempts are not set, it works from an algorithm of how many it receives within 24 hours.
    2. Normally if this is not fixed, it can happen every day at least once.
    3. You cannot turn this off as it is part of Microsoft's policy. Although the password is great and secure, this would not completely stop botnets that can guess. For future reference, do not tell anyone how long your password is. Especially on public forums like here which are monitored by bad actors.

    However, I do have a fix!

    We shall change your sign-in alias. This will stop the spam log-ins.

    "Go to Add an alias.

    Sign in to your Microsoft account, if prompted. [https://account.live.com/AddAssocId]

    Under Add an alias, do one of the following:

    Create a new Outlook.com email address and add it as an alias.

    Add an existing email address as an alias.

    Select Add alias."

    Now you can go to this site: [account.live.com/SignInPreferences] and turn off your sign in options for the past alias.

    You will have to sign in with your new alias but your past alias will function completely as normal!

    These steps and more information can be found here: [https://support.microsoft.com/office/459b1989-356d-40fa-a689-8f285b13f1f2]

    I hope this helps!

    Let me know if I can be of any further assistance. -Lumie =)

    4 people found this answer helpful.
    0 comments

5 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-01-21T08:53:25+00:00

    Hi again, Lumie,

    I did indeed need to change the primary alias, and then I could disable sign in for the original email. I can now choose which email address emails should come from, so the solution is perfect.

    I just want to thank you again for your help and provide the answer for anyone that views this in the future.

    1 person found this answer helpful.
    0 comments
  2. Anonymous
    2024-01-20T16:31:43+00:00

    I want to prevent login from my the email address I've used for many years, but that option isn't available (see below). Is that perhaps because it's the primary? And if so what effect would changing the primary have? Would it mean, for example, that when I send an email to someone, it will appear to come from the new email address?

    Thanks again for your help.

    I understand that I will still receive emails sent to what I'll call my real account, but what about sending?

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2024-01-20T16:27:48+00:00

    Hi there AJP_850, thank you for your response. Absolutely you’re very welcome. =)

    No, they cannot see your email but it’s best to give as little personal information as possible incase they can decipher your account. Posts that could be identifiable will be removed also which can get frustrating! Ahah

    If you need anymore assistance, please do let me know. =)

    1 person found this answer helpful.
    0 comments
  4. Anonymous
    2024-01-20T15:52:34+00:00

    Thank you! That's brilliant! A very good solution!

    Just to check, I was assuming nobody could get my email address from this post?

    1 person found this answer helpful.
    0 comments