READ ALSO: Why use Microsoft account in Windows 10
How to change or recover Microsoft / Outlook passwords
Changing or recovering your Microsoft password is relatively simple, but to make the guide really complete we will also show you how to increase the security level of the account by enabling two-factor authentication and how to check the aliases associated with the account.
Account login recovery (forgotten password)
If we have simply forgotten the Outlook or Microsoft password (even to access a Windows 10 PC), we can proceed with the recovery by opening the Outlook page, pressing the button Login, by entering the email address we want to access, by selecting Forward and, on the password entry page, by pressing on the item I forgot the password.
A procedure will be started to verify our identity, which will be based on a link to reset the password communicated on one of the recovery methods set when we still had access to the account or during the creation of the same: usually, the link is sent via email secondary. In addition to the link via email, we can set a new password, using a smartphone for recognition: we will receive a code to be entered on the identity check page, which will allow us to immediately set the new password without having to open secondary emails.
Recovery can be much more difficult if we have never entered an emergency email or phone number; in these cases, Microsoft could prevent the password from being recovered except by sending documents and certificates through assistance (not always a viable path).
Password change (suspected interference)
If, on the other hand, we still have access to the email but we fear that someone may have sneaked in or may have copied the access credentials, we must immediately change the password before it can pretend to be us or can do other damage. To make a metaphor: it is better to change the lock on the door of the house when you do not know exactly who has the keys to enter!
To change your password in Outlook or Microsoft, open the Microsoft personal account page, click on the menu Update the security info and finally press on the top item Cambia password.
In the following screen we enter the old password and enter the new password twice so that we can immediately deactivate access to devices or browsers that have tried our old credentials; doing so we will immediately throw out the intruders! Since we still have access to our account, it is advisable to read the following chapters to equip ourselves adequately in case of subsequent violations or oversights.
Change the recovery information
In order to recover an account whose password we do not remember, we will have to indicate (when we still have access to the account) the valid recovery methods, so as to receive temporary passwords and codes to be used to regain possession of the account. The most common methods are other email addresses (secondary emails) and telephone numbers, where to receive verification SMS.
To add alternative recovery methods, open the Microsoft account security page, log in with the credentials in our possession then open the menu Advanced security options, enter a security code and finally press on the item Add a new login or verification mode.
By doing so we will be able to enter secondary emails, phone numbers, or apps to generate random codes, to be used in the future to recover access to the account in case we forget the password or as an identity verification tool if we connect from a new network or from a new place.
Set up two-step verification
A very effective tool against intruders is two-factor authentication (also called Two-step verification), which allows you to add an additional layer of security in addition to the simple email address and password. By enabling this feature we will have to enter a code obtained via SMS, via a notification on the phone, via an app that generates random codes, or via secondary email at each access: if the hacker does not have access to these tools, he will never be able to access even if he knows the password.
To activate two-factor authentication for Outlook or the Microsoft account, open the Microsoft account security page again, log in with your credentials, open the menu Advanced security options, enter a security code and finally click on the button Activate, under the section Two-step verification.
We then press on forwarding and choose the method that best suits our needs (SMS code, authentication app, or an alternative email address. With this security system, we will have secured our accounts, but we will have to remember to always have our smartphone or access the assigned email in order to retrieve the codes: without them not even we can access them! Obviously, we will also have to pay more attention to the theft of our phone, since in this case, we will have provided an easy tool for accessing all accounts in our possession.
To learn more we can read our article Sites/apps where you can activate two-step password verification.
Check aliases and other accounts associated with your email address
This is perhaps one of the most overlooked methods by most people – any email account can be set up to send copies of received messages to other email addresses. An unscrupulous person could not only read every correspondence and every message received but could also reset the passwords used on other sites to which he is registered, such as Facebook, a blog, or others.
To check if there are and which addresses are enabled for forwarding messages received in Outlook, we access the site of the mail account, click on the gear at the top right and open the menu View all Outlook settings -> Mail -> Forwarding.
If we do not use the function, disable it, so as to prevent it from being used for illegal purposes or to steal our access data from another location or with another account.
To learn more we can also read our guide How to forward emails to Gmail, Outlook, and iCloud.
After following all the steps indicated in the guide we proceed to replace all your passwords on PCs, email clients, and web browsers where we use Outlook or a Microsoft account (including Windows 10 and Xbox consoles). Unfortunately, if your email is compromised, it must be assumed that all accounts on other websites are also compromised. You will then have to go to all the sites you access by putting your email address as login name and change both the password.
To maintain the security of your email account, always keep in mind that the password must contain uppercase, lowercase letters, numbers, and even symbols. Ideally, you should have a different one for each account or at least one different from all the others for your main Email account.
To increase the security of the connections we must always use HTTPS; in this regard, we refer you to reading the guide Always open sites in HTTPS, with a secure connection and encrypted data.
The best weapon to avoid receiving spam is not to disclose your email address and to use a temporary one or an alias when registering on sites and newsletters.
In this regard, we can read the articles on how to create anonymous and temporary addresses and how to create mail aliases on Yahoo Mail and Hotmail.