Anyone with an old outlook.com account – including Hotmail, Live, or MSN addresses – is highly likely to have the address “out in the wild”, either due to a data breech or posted to a public forum or website.
You can google for your address to see if it was posted on any public facing websites.
You can check to see if addresses were in data breeches at https://haveibeenpwned.com/. Note: it is safe to enter your address on this site, the site’s owners are Microsoft MVPs and are trusted by Microsoft.
If the hackers have your address, especially with a password from a data breech, they will try to log into your account. This has the potential to create problems, even if they can't get in, because Microsoft may make you change your password frequently.
Enabling 2-step verification will help to protect your account, as long as you don't accidently approve access on your app. Or you may be annoyed by the number of notifications you receive that are not you.
If you have a lot of sign in attempts in the activity list at https://account.live.com/Activity you can block the attempts by changing the primary alias, then disabling sign in permissions on the address that was the primary alias.
When you sign into your account, you will need to use the new primary alias (or another alias on the account). Do not use the address on other websites. Use it only to sign into your account.
If you have existing aliases on the account and have not used them to set up accounts on other websites, you can use one of those as the new primary. The goal is to use addresses hackers don’t know about.
I recommend having at least two addresses you can use to log in with – just in case you forget one. (I speak from experience!)
Note: You can have up to 10 aliases on the account but can only add two at a time. If you delete an alias, it can never be added back and counts as one of the 10 for up to a year.
To add an alias and change the primary alias:
- Log into https://account.live.com/names/manage.
- Click Add Email link and create a new alias. If you have other aliases already and have not used them on other websites, you can use one of those instead.
- Click Make Primary link to the right of that address.
WARNING: DO NOT REMOVE THE CURRENT ADDRESS! If you do, it is gone forever. You just want to change the primary alias.
- After changing the primary alias, change the sign in preferences using the link at the bottom of that page for Change sign-in preferences
- Uncheck aliases you used on other websites. You'll still receive email sent to those addresses, only the ability to sign in using the address is affected.
I recommend only removing sign in permissions from addresses that are exposed in database breech or can be found using google.
After you make this change, you will not be able to sign in using the old address. If you use the account to sign into your computer, you may be asked to log in again (using the new primary address) and your account address in Settings will update to the new primary address.
Your password will not change.
If you use the address as your default email address in Outlook on the web or new Outlook app, you can set it as the default address at View tab > View settings > Mail > Sync email
Note: If you use a Connected account, the page is not currently loading.
Check your security proofs and verify they are accurate at least once a year and additional security proofs here: https://account.live.com/proofs/manage/additional