Yeah so I had this as well. Every day or so I'd get locked out, had to do the sms unlock thing which sometimes wouldn't work.

What I did is I added an alias to the account, made it the primary and removed login priviliges from the 'old' one.

For all the things you still use the address, it'll be fine. It's just MS based logins that's you'd have to change.

Oh, so you are Bob@gmail.com, I'm sorry

AFAIK consumer MS accounts don't allow you to lock down access to a single IP. Adding MFA may help. If that doesn't work, contact MS support and see if they can add a geolock to the account to only allow auth attempts from your country.

MS may also be able to change the email address then add your old one as an alias.

Do you log into your account using a web interface? I'd guess IMAP/SMTP isn't limited by login attempts, only web logins. You could set up an email client on your devices and use it through that instead.

No matter what, I'd advise you to use a strong password, just to be safe.

but there are still plenty of random little things I'd like to hang on to it for.

Changing email addresses is a nightmare, I know. A lot of companies are not event technologically equipped to handle it because, as far as they're concerned, your email address IS your account, and account numbers are not a thing. But you need to bite the bullet and get it done. That sounds like a huge security vulnerability.

It's a Microsoft account, and my windows is tied to it

"tied to it" how? Use a local account. No Microsoft necessary. Alternatively, stop using Windows 😀

Can you just forward the email? Basically use it as a mail drop.

Which email provider is the account with?

I think the best approach would be to contact Microsoft customer support

This brings me memories from when I had my @hellokitty.com email.

Have you already tried adding an authenticator / passkeys, OP? Those are the only thing I can think of.

I have an old email from when I was like 7 and signed up on a range of different gaming websites.

Now however, I use proton mail. They even own SimpleLogin, so all I do it generate hundreds of email aliases. No website know my actual email address and each mail received to these aliases, are forwarded to my actual proton mail account. Using Keepass or another password manager of choice, is a wise idea so you don't have to remember all these accounts. Simple! Both secure, and private as it would be difficult to identify each account to an identity

Why not let that email get forwarded to another email account of yours ?

Yeah I have an old email as well. I rarely log into it, but when I did I saw there are daily attempts from China and whatnot trying to log into it.

Not in the situation where the account is locked out though. I always wondered if you couldn't reach out to m$ and ask for a geo block at the least.