Protect your account and devices from hackers and malware
Protect your accounts
It's important that you protect your accounts whether it's a personal account such as a Microsoft account, or a work or school account someone in your organization created for you.
Take precautions with sensitive info
Don't send emails that include sensitive information such as passwords, credit card numbers, passport numbers, or other government issued identification such as a social security number or other tax related identification.
Watch out for scams
Watch out for phishing attacks which try to trick you into providing sensitive information, or clicking a malicious link or attachment.
Some examples of phishing scams look like messages from what appears to be a legitimate source such as a bank or an official looking institution. The message invites you to sign in with your email address and password, but it's actually a fake website. Other scams look like emails from someone you know which asks you to click a link or open an attachment.
Phishing messages usually have links or attachments. When you click the link in the message or open the attachment, your computer can become infected or an attacker can gain access to your content.
If you receive an email that looks even slightly suspicious, do the following:
Hover over the link and look for the name of the actual website the link is sending you to. Make sure it's what you expect and not misspelled.
Go to the legitimate website using your own saved favorite or bookmark, or from an internet search, instead of clicking a link in the message.
If you receive a message from someone you know, but it looks a bit unusual, it could mean the sender's email account and contact list was compromised. Contact the sender directly and describe the mail you just received and ask if it was legitimate.
Use two-factor authentication
Two-factor authentication (2FA), also called two-step verification, or multi-factor authentication (MFA) is an extra layer of security to ensure that only you are accessing your account. When you set this up, any time you sign in to your account from an unrecognized computer or other device, or if you add your account to an app or a service for the first time, you're prompted to verify that it's okay. The verification message can be sent via an authentication app such as the Microsoft Authenticator app on your smartphone, a text message, an email sent to an alternate address, or a phone call which requires you to enter a pin.
If your work or school accounts are using Microsoft 365, your Microsoft 365 admin or IT department may have enabled this for all accounts in the organization. If so, you'll be prompted to take this extra step.
For a personal Microsoft account, you can set this up yourself and indicate your preferred verification method. For example, you can request verification from an authentication app such as the Microsoft Authenticator app, a text message, or alternate email account.
Protect your password
Don't use the same password for all your accounts.
Make sure your password is strong and avoid using actual words. The current recommendations for strong passwords include at least 12 characters, a combination of upper and lowercase letters, at least one number from 0-9, and a symbol.
Tip: Third-party online services are available to help you generate and remember unique passwords for sites you visit regularly.
Protect your phone or tablet
Only run and install apps from a legitimate source such as the app store for your device.
If you're using Microsoft 365, use Microsoft apps which work better with Microsoft 365 and are more secure.
Keep your devices, and any software or mobile apps you're using up-to-date. Many of the updates you receive are security fixes so be sure to install operating system updates, and any software or app updates.
Enable the lock feature on your phone or table that requires you to unlock the device with a PIN, fingerprint, or facial recognition.