Well that was a fun notification (Security issue)

[Naruzeldamaster]

I just got a 'one time password' to log into my microsoft account.

That I didn't ask for...

Yeah no, changing password instantly, for both the microsoft store and actual microsoft account.

Has this ever happened to you guys? Doesn't have to be Microsoft specifically , just like, unwarranted password reset thingy in general.

 

[pmmg]

Generally…no. You should not gwt things you did not ask for. Ms may have raised their security and required you to come up to speed, or it may be an indication someone else tried to login as you.

 

[Naruzeldamaster]

Generally…no. You should not gwt things you did not ask for. Ms may have raised their security and required you to come up to speed, or it may be an indication someone else tried to login as you.

Yeah, that's the weird part, it wasn't a 'someone tried to log in is this you?' email.
Just a straight up 'requesting a one time code' email.
And at least for microsoft, that's a different thing.
I've gotten both before so I know the difference.

When we first moved here, someone tried to yoink/log in to my facebook. Literally minutes of being online.
But beyond that, nothing too odd.

Generally I don't get this stuff unless I request it personally, hence changing the password immediately.

 

[pmmg]

Could be a scammer impersonating ms.

 

[pmmg]

Anyway, in answer to this question, I often get prompted for things like this from my bank. If they think my security is lax, they let me know.

I hate being bugged about passwords and would like to say, let it be on me if I dont want the security, but that is not how it is going to be. I dont have much reason to log in to Microsoft. Most of the big recognizable places have moved to 2FA, and will hound you if you have not set yourself up for it. A one time pass is usually something you get if you have lost your password, and are requesting authorization to change it. Or...if you work for a secure facility or organization.

I dont know why MS would send this to you unwarranted. I would think, someone has tried to log in with your account, or mistakenly used your email, and got punted. It could be, its just been too long since you last verified your password, and it wants to verify your machine again (some places have a remember this machine mechanism, and its on a timer of some sort). Microsoft may have a mechanism that says last time you logged in, or last login attempt, where you could find out what happened. But...Like I said, I dont really use them, so I don't have their pages memorized.

 

[Naruzeldamaster]

Anyway, in answer to this question, I often get prompted for things like this from my bank. If they think my security is lax, they let me know.

I hate being bugged about passwords and would like to say, let it be on me if I dont want the security, but that is not how it is going to be. I dont have much reason to log in to Microsoft. Most of the big recognizable places have moved to 2FA, and will hound you if you have not set yourself up for it. A one time pass is usually something you get if you have lost your password, and are requesting authorization to change it. Or...if you work for a secure facility or organization.

I dont know why MS would send this to you unwarranted. I would think, someone has tried to log in with your account, or mistakenly used your email, and got punted. It could be, its just been too long since you last verified your password, and it wants to verify your machine again (some places have a remember this machine mechanism, and its on a timer of some sort). Microsoft may have a mechanism that says last time you logged in, or last login attempt, where you could find out what happened. But...Like I said, I dont really use them, so I don't have their pages memorized.

I think it may be someone may have used my email to try to log in.
Hard time believing it was on 'accident' but I won't deny the possibility.

I went ahead and changed both my microsoft and microsoft store passwords.
The only thing on microsoft account I care about is access to mine craft. There shouldn't be anything else important on there (to my knowledge) except what I used to use to pay for my 365 Subscription.

That being said, I've said many times I don't like the idea of my parents poking around my personal stuff.
So the idea of a complete stranger I've never talked to nor given permission to do that? yeah no.

 

[pmmg]

There is probably no need to change your password, as 2FA makes that unnecessary, but... Whats done is done.

If you suspect your parents, and at your age, I think that is crazy behavior from them, you can rest assured they did not get in. But its evidence they tried--or more so, evidence someone tried. You need more, you need the IP's they connected from, time stamps, and a good memory of your own behavior. Such that it was not accidentally you who tripped it and you don't remember.

If Microsoft keeps that information, or makes it avaialbe to you, I dont know.

Its also possible your info got leaked somewhere. That is way more common then one might think. A lot of accounts and password are available on the dark web, if you can find it. If you use the same password in more than one place, its a good chance it got leaked somewhere along the way.

FYI, passwords are almost never actually cracked, more often they are leaked. Cracking takes too much effort.

 

[pmmg]

Note, it could also be a scammer impersonating MS. An effort to get you to log in to a squirrely website and give up your credentials.