One of the common issues faced by users on the internet is exposure of their email address following a data breach from a website. Although companies and website owners are becoming better at defending their websites from attacks by nefarious actors, even the largest companies are not immune.
Probably the most commonly hacked piece of information is your email address, since this is not generally stored in an encrypted format. The email address you used as a username for that breached website is probably also the one you use to sign in to the account provided by the company that manages your email, e.g. Microsoft, Google or Apple. Once the hackers have your email address, they can try to access your account by cross-referencing other data breaches that contain the same email address, hoping you use the same email/password combination for more than one account.
For major account providers like Microsoft, Google and Apple, access to your account doesn’t just mean access to your emails (which itself is bad enough) but access to a whole range of other services linked to your account. Obviously, one of the ways you can minimise any attacks on your account is to turn on 2-step verification, preferably using an authentication app. Another way that I have found works with personal Microsoft accounts is to use Account Aliases.
Account Aliases are unique email addresses that are linked to your main account and can be used as alternative email addresses for you to send/receive email. The other, more useful purpose of Account Aliases is to create an email address that is ONLY used to sign in to your Microsoft account. By keeping one email address that you NEVER use as a login for another website, you reduce the likelihood of your account being attacked.
To set up an Account Alias for your personal Microsoft account, follow these steps:
- Navigate to https://account.microsoft.com/profile and go to the Account Info section.
- Click on the Sign-in preferences link at the bottom of that section which will take you to a page to manage how you sign into Microsoft.
- Under the list of existing Account Aliases click on the link to Add email address.
- Select a unique email address for your account. The system will only allow you to add an alias if it is unique within the chosen domain, e.g. outlook.com. Remember, this email address is ONLY going to be used to log in to your Microsoft account.
- Once the Account Alias has been added successfully, you will be returned to the page to manage your sign-in preferences. The next step is to change your Primary Alias, as this will be the alias you will use as your username. To do this, select the Make primary link next to your newly created alias.
- From here, click on the link at the bottom of the page to Change sign-in preference. This page allows you to define which aliases can be used to sign into your account.
- Your new alias should be checked by default. Make sure all other aliases, including your original account alias, are not checked and click the Save button.
- Your account is now accessible using this new alias as the username. Just remember NOT to use this email address for any other websites.
- If you want to know whether someone has been trying to access your personal Microsoft account, you can go to the Activity page (https://account.live.com/Activity) and see when/where access to your account was recently attempted. This will show the successful attempts (hopefully by you) and unsuccessful attempts (possibly by bad people). If you monitor this page after you set up an alias, you should see the number of unsuccessful attempts go to zero.
- Finally, if you try logging into your Microsoft account with your original email address, you should see an error message telling you that the account is not valid. Only your new unique alias will get you into your account.