Can you believe it?! Thanks to a security issue, attackers can take control of your Microsoft account really easily. Read on to learn everything you need to know and how you can protect yourself.
Your personal Microsoft account is your passport to the world of Microsoft. Most Windows 10 users prefer this way of logging in, and even Microsoft recommends it when setting up Windows 10. It’s not without good reason: unlike with a local account, Windows 10 only unleashes all its capabilities in combination with a Microsoft account. Only those who log in using a Microsoft account can download apps from the Windows Store, chat using Skype, or use the voice assistant Cortana. The combination of email address and password is also used to retrieve emails from Outlook.com and access personal documents and images on OneDrive, Microsoft’s cloud-based storage solution. As such, you should make absolutely sure that your Windows account data does not fall into the wrong hands. However, a flaw lets attackers crack your login credentials really easily.
An online test shows how easy it is for attackers to crack your Microsoft account
All it takes is a quick visit to a specially prepared webpage or a careless click on a link in an email (at least if you use Outlook) to get access to your personal email/password combination. But how can that be? The clue lies in the fact that Windows 10 manages your login credentials. As soon as you log in to Windows, Microsoft programs such as Edge, Internet Explorer, and Office retrieve your login credentials automatically – otherwise you’d need to type them in each time. Thanks to a flaw, hackers can discover what your credentials are. Take the test for yourself, and find out if your Microsoft account is affected.
Take the test now: Are your login credentials secure?
- Open Edge or Internet Explorer (the test WON’T work with other browsers such as Firefox or Chrome).
- Visit https://msleak.perfect-privacy.com. Click “I understand, start the test”. Wait for around 30 seconds while the test runs. Be aware that some virus scanners will block the test. That’s a good sign for a start! However, if you still want to run the test, disable your virus scanner temporarily.
- Review the result: If your Microsoft account is vulnerable, hackers can discover what your login credentials are. If so, change your Microsoft account password IMMEDIATELY. To find out how to do this, see below.
The test may reveal the following results.
Option 1: Your account details are vulnerable
Did you see “Vulnerable, Microsoft Live Account Credentials Submitted!”? This is the worst-case scenario. This message is as good as saying “Great, your Microsoft account details have been shared with everyone!” The fact that the internet site shows your username and your associated password is proof enough that you should take the warning seriously. So what are you waiting for – change your password now!
Option 2: Your Microsoft account is vulnerable, but you’re using a strong password
In this case, the page displays the “Vulnerable” alert and it also knows your username, but it can’t recover your password (you see the notification “Your password could not be recovered in 30 seconds”). This means that the test couldn’t crack your password within 30 seconds using brute-force methods. This involves special programs, fed with the most commonly used passwords, phrases, and number combinations, trying to crack your account using thousands of passwords a second. However, as mentioned, the test only runs for 30 seconds – if attackers invest more time and computing power in the attack, they’ll be able to discover your password in the end. So the best thing to do is change it anyway.
Option 3: Your Microsoft account seems well protected
In the best-case scenario, the page will display “Not vulnerable”. This is typically down to the internet connection. As with many corporate networks, if your connection is routed through a proxy server, then this blocks the transfer of critical data packets. Another reason could be that certain Windows settings are stopping the computer from running the test. This does NOT mean that your Windows computer is generally safe from such attacks. Tip: Check the security of your Windows password, for example by using this website: https://howsecureismypassword.net/.
No solution: Deactivate your Microsoft account
The makers of the test advise you to stop using Microsoft software that can access network shares over the internet. This includes the Edge and Internet Explorer browsers, the Outlook email program, and the Skype chat program. Furthermore, they generally warn against using Windows accounts to log in to Windows 10. That would be rather a radical step, as this would severely restrict Windows 10’s functionality. Anyone signing in with a local account won’t be able to download any programs or apps from the Windows Store, the functionality of supplied apps will be restricted, and you won’t be able to access OneDrive via Windows Explorer – just a few examples from a very long list. In this case, the best thing to do is to create a virtually uncrackable password!
All it takes is 5 minutes to create an uncrackable Windows password
Do you always leave the front door wide open? Probably not. The smart ones among us protect their own four walls with a maximum-security door lock. You should also take this approach when choosing your passwords – and best of all, a really secure password costs you absolutely nothing, unlike a high-security door lock! A secure Microsoft password is therefore absolutely essential: anyone who has cracked a simple Microsoft password can rummage through your OneDrive folders and search through your emails for further passwords at will.
- Go to “login.live.com”. Log in using your Microsoft credentials. On the left beneath your profile image click “More actions” and then select “Change password”. Follow the on-screen instructions.
- You’ll then need to enter your current password followed by a new one. Be aware: The new password should comprise at least 10 characters – even better if it’s longer. Don’t even attempt to use a simple sequence of numbers; keyboard patterns; common terms; names of relatives, acquaintances, pets, and celebrities; or your own address. You can create memorable passwords that are secure by using a phrase that helps jog your memory, such as “I need this password to login to Windows 10” for your Microsoft account. If you take the first character of each word you get “IntptltW10”. Passwords like these are almost impossible for hackers to crack, provided your computer has a good antivirus scanner to protect you against malware. Otherwise, a keylogger could record your every keystroke. In this case, even the best password won’t help.
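The password rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it builds a password from a memory phrase and tests a candidate against the listed rules. The function names, the short `COMMON_TERMS` sample and the QWERTY keyboard rows are assumptions made for illustration.

```python
# Constructed sample list; a real check would load a full common-password list.
COMMON_TERMS = {"password", "welcome", "windows", "microsoft", "letmein", "qwerty"}
# Keyboard rows and digit sequences scanned for runs (QWERTY layout assumed).
KEY_ROWS = ("0123456789", "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 10  # minimum length given in the article


def phrase_to_password(phrase):
    """First character of each word; numbers are kept whole, as in the article."""
    return "".join(w if w.isdigit() else w[0] for w in phrase.split())


def has_run(pw, run_len=4):
    """True if pw contains run_len adjacent keys of a row, forwards or backwards."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_len + 1):
                if seq[i:i + run_len] in low:
                    return True
    return False


def check_password(pw, personal_terms=()):
    """Return the list of violated rules; an empty list means all rules are met.

    personal_terms: names, pets, address parts etc. supplied by the user.
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if pw.isdigit():
        problems.append("digits only")
    if has_run(pw):
        problems.append("keyboard pattern or number sequence")
    low = pw.lower()
    for term in sorted(COMMON_TERMS | {t.lower() for t in personal_terms}):
        if term and term in low:
            problems.append("contains common or personal term: " + term)
    return problems


if __name__ == "__main__":
    candidate = phrase_to_password("I need this password to login to Windows 10")
    print(candidate, check_password(candidate))
    print("qwerty123456", check_password("qwerty123456"))
    print("Rex2016", check_password("Rex2016", personal_terms=["Rex"]))
```

An empty result only means none of the listed rules were violated; it says nothing about whether the password has already been exposed elsewhere.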