Summary: Hotmail will lock your account, preventing login, if it detects potential abuse or breakin attempts. Unfortunately, that's about all we can know.
I have used the same Hotmail account for my personal email for over 10 years now, and I have never had a problem with it, until recently. About a month ago I started getting locked out of Hotmail. At first I thought a friend was playing a trick by attempting too many passwords, locking my account, and I ignored it. I wasn't worried about intrusion, as I use a strong password.
However the problem does not go away. My hotmail account gets Locked Out probably twice a day now. It is not terribly problematic, as I can just 'reset my password' and be on with it, but yesterday I was required to quickly retrieve a new email while over the phone, and it took me over 2 minutes to retrieve it, almost costing me the phone conversation and ultimately annoying the other person.
What could be causing this? I do not use Messenger or other Windows Live services, and I have AVG installed (scans daily). I have also scanned forum upon forum but seem to find most discussions are thread-jacked by people who forget their security questions, and no one with my problem.
•
I'll be honest: I don't have a good answer for you.
But I can confirm that I see a lot of people reporting locked accounts, and a few - like you - are successful at regaining access, while many more it seems are not.
I'll review why account locking happens - both the official Windows Live Hotmail explanation, and some speculation of my own - and what, if anything, you can do to avoid it and/or recover from it.
•
The concept is very simple. From Hotmail's own online help:
Multiple attempts at signing in with the incorrect password might cause your account to become blocked. If your account becomes blocked, you will be asked to Match the characters in the picture and sign in again.
But right from the start we notice an inconsistency: not everyone is given the option of simply filling in a CAPTCHA (aka "Match the characters").
My belief is that the CAPTCHA results only from repeated password failures from a single location. Meaning that if you try too many times you'll be faced with a CAPTCHA to prove that you're human, and not some computer being used to try to hack your account.
I believe there's a second level of "lock" that is more likely what you're experiencing. Something causes the account to lock in such a way that login is simply not permitted. No CAPTCHA is presented, you're simply locked out. In your case since you seem to be able to regain access after a password reset, it's possible that this type of lock can be lifted by that extra level of account validation.
And I'm sure there's a more permanent lock that would require some kind of manual intervention on Hotmail's part to remove.
So, what causes these types of locks? We can really only speculate, but here are some ideas:
-
As you first guessed: someone intentionally attempting to mess with your account. In theory, someone could just try to login to your account repeatedly until it locks. My guess is that if this happens often enough the lock requires more than just a CAPTCHA to recover.
-
As you also checked for: malware on your machine. This could include software that is also attempting to login to your account and failing, as above, or it could be software that has successfully logged in and is now sending spam, which in turn is likely to also lock your account.
-
Spam: I'm sure you're not sending any, but it needs to be said. I would expect that sending spam could get your account locked, or suspended.
-
Other services: you don't use them, but other services provided by Windows Live such as Windows Live Messenger that use your Hotmail account for authentication could be targets for abuse by someone.
-
All of the above - somewhere else. In the prior items the focus has mostly been on people you know, or things happening on your machine. In fact, with only your email address any of the above could be happening elsewhere without your involvement or knowledge. Spammers are attempting to hijack Hotmail accounts all the time.
So, what can you do?
Sounds to me like you're already doing everything that is in your control. Having a strong password is key, as is making sure your own machine - in fact any machine from which you access this account - is secure and malware free, are the key steps to maintaining security.
I'll reiterate that you're fortunate, in that you're able to recover access to your account with only a password reset. I regularly hear from many people who can't seem to regain any access to their account at all.
Checking the Windows Live Help official support forums, there's little additional information. People who report being locked out are given the following instructions:
Visit https://help.live.com/help.aspx?project=liveidv1&market=en-us
Select a topic from the choices at the left side of the page. If the topic does not fit to your problem go to the third step.
Select Get more help link located at the lower-right corner of the page.
Click Get support link.
That "Get Support" link takes you to a form that you can fill out for E-mail support. Unfortunately it's unclear if, or how quickly, you'll get a response. But of course it's worth a try.
I'd be remiss if I didn't mention my ongoing concerns about free email accounts for anything important. As you can see, you get what you pay for, and customer service - while vastly improved with the introduction of Windows Live Help - is still hit or miss. If something really is important to you I strongly encourage you to make sure you have a backup plan or alternate account for the day when, not if, you can no longer regain access to your account.
Related:
-
Are free email services worth it? Free email services and accounts are convenient and ubiquitous. But free email services aren't the right place to keep your important information.
-
How do I contact Windows Live Hotmail customer service? People ask every day how they can reach someone at Microsoft to help with Hotmail problems. You can't phone, but there is now on-line help for Hotmail.
-
Would you please recover my password? My account has been hacked or I've forgotten it. I'm asked daily to reset lost passwords, recover hacked email accounts or retrieve lost information in them. Here's my answer.
Article C3949 - December 13, 2009
You could configure Hotmail to forward a copy to an alternate account. This way, if you're locked out, you could access your email via that alternate account.
Posted by: Steve at December 16, 2009 5:26 AMTerry said:
If you "always" get that error the first time, the odds are that something has intercepted your login, and you are really on a phishing page.How do you get to the login page? Try going there by typing the complete URL into your browser's address bar. Don't use any bookmarks. Don't use any suggested URLs that might appear. If that works, then the answer is that you have probably been going to a phishing site, and giving them your login information every time. Reset the bookmark/whatever you were previously using to go to the login page to the correct URL, and immediately change your password.
Posted by: Ken B at December 16, 2009 8:09 AMI "second" what Ken B has stated about Terry's comment.
Furthermore, if you do discover that you are a victim of giving your password to someone, even inadvertently, I do agree that you need to change your password but don't stop there. I don't think it's mentioned enough...people who can log into your email can probably get your banking information (they're not necessarily just trying to use your address to forward spam).
Think about this. If you have a bank account at a popular bank and your email address (with the compromised password) is linked too it, the perp has already gone to all of the big bank websites and clicked the "oops I forgot my password" link. The bank now sends the new password to your email, the perp gets the bank password, and all of this within the first hour of them getting your email password. SO, changing your password is already not enough to stop them from getting into your financial life. Call your bank and confirm that this "I forgot my password" link hasn't been clicked or when your account was last accessed. Typically, many of the big bank sites have other security hoops to jump through, but some do not. Plus, since they are a professional perp, they probably know exactly what popular financial sites have the easiest hoops to jump through. Consider the password recovery process of your bank. Does it send the username along with the new password? If not, that's good but if your username is the same as your email address, then the perp will guess it. Do they have any other security hoops? My bank requires authentication with other personal information before it will resend the password.
Also, since they've had access to your email, they may also have gone into your email settings and set it up to forward a copy of your emails to some other email address that they monitor...so even though they can't access your account after you change your password, your account could be sending copies to another address. Check your email settings and it's forwarding properties.
Posted by: Gabe at December 16, 2009 9:12 AMHi all
Posted by: Henk at December 16, 2009 10:15 AM@Stan Carton: some businesses send a reply mail or a confirmation mail that will be blocked by the normal accounts I have. But they can reach me by way of my hotmail account. E.g. www.brusselsairlines.com or hotel chains in the USA. Quite annoying if one doesn't think about this. Of course, you can also make a screen shot of the order--I know.
I agree with Leo's comments. All I can add is make your password more secure by using a phrase [ like the first line of your favorite song ] No spaces but some thing like [ not mine ]
Posted by: John Neeting at December 17, 2009 3:37 AM'andimetheronasundayafternoonbythecreek'
My own password is longer than this and I doubt anyone could crack it. So far so good; haven't had a bit of trouble.