I highly recommend enabling the two factor authentication feature. I got my account targeted by some botnet and was breached several times regardless of how ridiculous my password was. Of course, this all stopped the moment I started using two factor auth.
Well that was amazingly useful. Someone had guessed my PW and was logging in regularly from a Windows CE device in Denver.<p>Very odd and confusing. Scary since my Skydrive has all sorts of personal stuff in it.<p>2 factor is awesome, but I always fear losing access to my account. Basically it means that if I don't have my smartphone on me, I have no way to check my email except on pre-authorized computers.<p>This is of course the point but it also means if I am traveling and I lose my smartphone, I have no way of contacting anyone that I know. I would be completely lost in the world and unable to reach out to anyone for help.<p>Of course there is the recovery code, which I have a copy of in my wallet, but that does me no good in a "traveling through city, get mugged" scenario.<p>It is scary how reliant we are upon technology. :(
Interesting. I'm in Colorado and last night I got regular (once every half hour) logins from "Exchange ActiveSync" in San Francisco.<p>Is it possible one of my (many) Live apps is doing this through an endpoint there?<p>[edit] I don't think justsomedood's post (<a href="https://news.ycombinator.com/item?id=6928806" rel="nofollow">https://news.ycombinator.com/item?id=6928806</a>) applies to me , all my devices were on my local network last night. It's a good thing to check though!<p>I've just enabled 2-factor auth, so hopefully I've removed the issue.
Needs work<p>- I have a sea of successful logins. Finding a bad one in the past looks hard.<p>- Location info for successful logins just says "United States", and should be more detailed up front.<p>Otherwise, a nice feature.
I have Skype on my phone and the log is filled with that app logging in all the time (looks like every 10 minutes!), which makes this kinda useless. It would be nice if the UI had a way to trim that list down somehow. e.g., group by country, filter by successful logins.
So if I have a random characters + numbers password that's reasonably long, do I actually have anything to worry about? Microsoft and Google don't allow brute forcing through their web login interfaces, do they? I keep things like IMAP and POP disabled.
Terrifying - it's a shame the "Learn how to make your account more secure" link is broken. <a href="http://go.microsoft.com/fwlink/p/?LinkId=324395" rel="nofollow">http://go.microsoft.com/fwlink/p/?LinkId=324395</a>