Why Two Path Authentication is Essential - My Microsoft Account is Gone!

Yesterday, I faced an unusual situation that my account is not able to find at Microsoft. Actually, I haven't used my account for the past 10 days.

And I found that my account was removed from my family group. Actually, Microsoft sent me an email like below:

I also found the below email even though I haven't requested anything:

I tried to search for how to recover my account again and found the below information at Google.

To recover a lost account, users can: 

• Go to aka.ms/accountrecovery 
• Enter the account to recover 
• Enter an email address that is accessible 
• Enter the captcha 
• Select Next to receive a code via email 
• Enter the code and select Verify 
• Enter information to verify 

The response was very disappointing

I had some research and learned that a hacker might have gained access to the account and changed the associated email address or deleted it.

• The question is how to acquire Microsoft Account Access.
• Another point is that I was not aware that I can change the email address for my Microsoft account. Was it so easy?

This is something nonsensial.  Was it so easy to steal someone's account in Microsoft Ecosystem?

My gmail always needs two path authentication, but my Microsoft Account does not. If this was the only issue, I should turn on the two-path authentication for Microsoft in the future.

I assume the hacker may tried

• Something triggered me to visit some Trojan Horse website or anything. That's where JavaScript, which I'm unfamiliar with, comes into play, and the script is responsible for changing account rights to Microsoft.
• Or my laptop infected by an unknown virus, which recognizes that I have access to my Microsoft account and executes the script.

Two-factor authentication is essential:

• Two-factor authentication (2FA) adds an extra layer of security by requiring a second form of verification, beyond just a password, when logging in.
• This could be a code sent to your phone, a security key, or a biometric scan.
• 2FA helps prevent unauthorized access even if your password is compromised.
• Common methods of 2FA:
  • SMS or email codes: A temporary code is sent to your phone or email.
  • Authenticator apps: Apps like Google Authenticator or Microsoft Authenticator generate time-based codes.
  • Security keys: Physical devices that plug into your computer's USB port.
  • Biometric authentication: Using fingerprints, facial recognition, or iris scans.
• Many online services now offer 2FA, including:
  • Google accounts
  • Facebook
  • Twitter
  • Dropbox
  • Amazon
• Microsoft accounts also offer 2FA.
• Turning on 2FA is a simple process, usually found in your account settings.
• Enabling 2FA can significantly reduce the risk of account hijacking.
• Even if you haven't been a victim of account theft, it's highly recommended to enable 2FA for all your important online accounts.