I came across a great article from Microsoft, so rather than reinvent the wheel I thought I would share it.

The advice on strong passwords is applicable to any password-protected account.

Follow these tips to help keep your Microsoft account safer and make it easier to recover if it’s compromised.

If you think your account has already been hacked, learn how to get back into your Microsoft account if it’s been compromised, then follow these tips to strengthen your account against future attacks.

Create a strong password for your account


It’s especially important to have a strong password if you use a Microsoft email address (like Outlook.com or Hotmail). This is because many services now use your email address to check your identity. If someone gets access to your Microsoft account, they may be able to use your email to reset the passwords for your other accounts, like banking and online shopping.

You can change your password on the Security basics page at any time.

| Do | Don’t |
| --- | --- |
| Do make the new password significantly different from previous passwords. | Don’t use the same password for different accounts. |
| Do use a sentence or phrase converted into a string of initials, numbers, and symbols. | Don’t use a single word for your password like “password,” “monkey,” or “sunshine.” |
| Do make your password hard to guess even if someone knows a lot about you (avoid names and birthdays of your family or your favorite band). | Don’t use common passwords like “password,” “iloveyou,” or “12345678.” |

Make your account easier to recover


Add security info to your account to make it easier to recover your account if it’s hacked. Because this info can help keep your account safe, it’s important to keep it up to date. Add or update your security info on the Security basics page. Or, learn more about Security info & security codes and get steps to help protect your account today.

Download the Microsoft Authenticator app


The Microsoft Authenticator app not only adds another security layer to your Microsoft account, but it also lets you sign into your account without requiring a password.

Download the app and then learn how to use it in the How to use the Microsoft Authenticator app article.

Make sure your operating system has the latest updates


Most operating systems have free software updates to enhance security and performance. Because updates help keep your PC safer, we strongly recommend that you set up your PC to get these updates automatically. You can set up your PC to get the latest updates automatically for Windows 10.

Never reply to email asking for your password


Microsoft will never ask for your password in email, so never reply to any email asking for any personal information, even if it claims to be from Outlook.com or Microsoft. If you’re not sure the email is from Microsoft, check out How to recognize phishing email messages, links, or phone calls. It has tips to help you determine if an email is from a legitimate source.

Read about Outlook security for more information on email safety.

Check your recent activity


If you receive an email notifying you of unusual activity, you can see when and where your account has been accessed—including successful sign-ins and security challenges—on the Recent activity page. Microsoft learns how you usually sign in to your account and flags events that are suspicious.

Turn on two-step verification


If you need an extra layer of protection, two-step verification can help protect your account by asking for two forms of identification when you sign in. This makes it more difficult for a hacker to sign in as you, even if they’ve got your password. Any time you sign in from a device that isn’t trusted, you’ll be prompted to enter a security code. Read about two-step verification for more info.

Download the Microsoft Authenticator app to verify your identity quickly and securely. With the app, you don’t have to wait for security codes to be sent to you. Instead, open the app, which has a new security code ready to go any time you need one. Or, if you don’t want to type in security codes, choose to receive push notifications from the app so that you just tap Approve and you’re good to go. The Microsoft Authenticator app is available for Windows Phone, Android, and iOS.

Manage your trusted devices


If you lose or give away a device that you use to sign in to your Microsoft account, or if you know that someone else has access to your devices for whatever reason, be proactive and remove the trusted status from your devices. To remove trusted devices, go to the Security basics page, select more security options, then scroll down to and select Remove all the trusted devices associated with my account. For more information, see the trusted devices FAQ.

Source: https://support.microsoft.com/en-us/help/12410/microsoft-account-help-protect-account