Someone tried to sign in to my Microsoft Live account


Level 12
Feb 11, 2016
They only got to the challenge question and no further. What should I do ? I changed my password immediately.

Should I close the account ?
Last edited:
  • Like
Reactions: mal1 and kev216


You don't need to close your account. Just create another strong password. It doesn't even need to be something you could easily remember. Write it down or use LastPass or something so that you don't have to spend all day typing it in / remembering it.


Level 12
Feb 11, 2016
We personally can't do anything about it. Again, what you need to do is change your password. It needs to be complex since someone obviously trying to access it. Have you opened any suspicious mail lately?

No all my spam mail is blocked.

How do I change the challenge question on a Microsoft Live account?
  • Like
Reactions: kev216


Staff member
Jan 8, 2011
Login to your Microsoft Account:

Go to Security & Privacy

Step 1: Change your password - If not already, using LastPass (or other trusted managers) will create a complex password using letters, numbers and symbols. I recommend a minimum length of 12 characters. If you use a Microsoft Account to Login to Windows 8.1 or 10, you can set up a 6-digit PIN to access your device instead of having to memorise the randomised password.

Step 2: Check Recent Activity - Find any unusual IP addresses, Device/Platforms, Browser/Application and Location (Map). Keep a screenshot for future records.

Step 3: Review App Permissions - You can never be to sure what Apps you have granted access. In rare circumstances, you may find a suspicious app. To remove, click on Edit and Remove these Permissions. (It never hurts to check).

Step 4: Turn ON Two-Step Verification - Follow the steps carefully. I recommend any of the following; Microsoft Account (Windows Phone and Android), Google Authenticator (iOS and Android), LastPass Authenticator (if available), Authy (Android, iOS and Chrome).

Step 5: Reset your Trusted Devices - Remove all trusted devices associated with this account. You will be required to login and authenticate your logins on any devices you trust once you use them again.

Step 6: Check for Unwanted Apps/Malware Scan
- Check all your devices for any possible malware or spyware, from PC, Mac to Android. (etc.).

Step 7: Run a scan with MRT
- Open Run and type "MRT" (without quotes) to scan using Microsoft Malicious Software Removal Tool. MRT/MRST is delivered through Windows Update, or can be downloaded separately from Microsoft Safety and Security Center.

I strongly recommend that you make sure Two-Step Verification is enabled, and your password is changed on a clean device.

@ng4ever Do you use an Alias email created in If you do, you can use your primary or alias, as your default login email, and disable the rest. These settings are found on the Security & Privacy page.

Other members may have posted similar, as I took time to post this, but I ensure you that you do not need to close your Microsoft Account.

Keep us posted. ;)


New Member
Apr 3, 2016
To improve the security of your account, you can activate two-step verification downloading the app of Microsoft on Google Play ( I don't know if have to Appstore... but I think that have too.), besides of create a good password. How your friend Noxx said, would be good if you could download the LastPass. Because besides of create a strong password, lastpass can memorize all your passwords to each site you have an account.

Another good tip is never use the same password for all site you have account.

I hope this can help ;)


Level 5
Jan 10, 2015
I changed my password to 28 characters.

28 characters is good,but remember...

-Nothing logical(A name,a place....The random,the better)

-Lower and upper case,a dose of symbols...Mix it up.

-DON'T FORGET IT!!! :eek: Use one of the many different browser tools recommend by the good fellows here.Or if you're a paranoid,keep it (and other special/important passwords) in a external backup.

You can never be too careful.


Level 85
Mar 15, 2011
Changing the password to a stronger one is enough then remove any associated accounts that you think they added it.

I've fall on the trap from phishing before and manage to recover immediately. ;) *

* My classmate link me the phishing site and added his email account from my account itself.


Level 30
Content Creator
Jul 28, 2014
Definitely use a password generator from a password manager to keep your account secure, the passwords generated from those are really tricky and almost impossible to guess.

And use a different password for all your different accounts!


Level 19
Dec 3, 2015
Make sure your devices do not have any kind of spyware - keyloggers, data miners, stealers.Just to be double sure I would use a secure virtual keyboard like Oxynger keyshield and change the password and then save it either inside an encrypted vault or offline for the time being.Then re-enable the two step verification and report the IP to microsoft(if it is possible).
  • Like
Reactions: frogboy