These tips can help keep your Microsoft account safe, make it easier to recover if it's compromised, and strengthen it against attacks.
It's especially important to have a strong password if you use a Microsoft email address (like Outlook.com or Hotmail). This is because many services now use your email address to check your identity. If someone gets access to your Microsoft account, they may be able to use your email to reset the passwords for your other accounts, like banking and online shopping.
You can change your password on the Security basics page at any time.
Do make the new password significantly different from previous passwords.
Don't use the same password for different accounts.
Do use a sentence or phrase converted into a string of initials, numbers, and symbols.
Don't use a single word for your password like "password," "monkey," or "sunshine."
Do make your password hard to guess even if someone knows a lot about you (avoid names and birthdays of your family or your favorite band).
Don't use common passwords like "password," "iloveyou," or "12345678."
The Microsoft Authenticator phone app not only adds another security layer to your Microsoft account, but it also lets you sign in to your account from your phone without a password.
Add security info to your account to make it easier to recover your account if it’s hacked. Because this info can help keep your account safe, it's important to keep it up to date. Add or update your security info on the Security basics page. Or, learn more about Security info & security codes and get steps to help protect your account today.
Most operating systems have free software updates to enhance security and performance. Because updates help keep your mobile device and computer safer, we strongly recommend that you set up your device to get these updates automatically. You can set up your PC to get the latest updates automatically for Windows.
Microsoft will never ask for your password in email, so never reply to any email asking for any personal information, even if it claims to be from Outlook.com or Microsoft.
Read about Outlook security for more information on email safety.
If you receive an email notifying you of unusual activity, you can see when and where your account has been accessed—including successful sign-ins and security challenges—on the Recent activity page. Microsoft learns how you usually sign in to your account and flags events that are suspicious.
If you lose or give away a device that you use to sign in to your Microsoft account, or if you know that someone else has access to your devices for whatever reason, be proactive and remove the trusted status from your devices.
To remove trusted devices, go to the Security basics page, select more security options, scroll down to Trusted Devices, and then select Remove all the trusted devices associated with my account.
For more information, see how to add a trusted device to your Microsoft account.