I’ve turned on two factor authentication for all my accounts. You know, that annoying step where you have to verify it’s actually you logging in to an app or website.
I was reminded why this is a good practice today. Somebody in the “United States” tried repeatedly to log into my Microsoft account. I know because I got multiple login requests through Microsoft to Authenticator.
If you get one of these from Microsoft specifically, this doesn’t mean your password has been compromised because Microsoft bypasses the password step during login. In this case, the bad guy knew my email address only.
One of the first things I did when I got to Picuris was introduce (ie require) two factor authentication for the Pueblo’s Google accounts. That didn’t make me popular but we haven’t had an incident since implementing it!
Seth's Man Handles 
Leave a comment