Wednesday, November 6, 2013

Hotmail and Outlook fail 2 stage password recovery authentication

My friend got herself in a knot with two stage password authentication recovery on her Hotmail account (now Outlook or whatever the hell they call it)

Before you read on, if you are here to look for a solution if you have been locked out of your account by the two stage password recovery authentication then be aware that almost certainly there is not a solution.

If you enable two stage password recovery authentication, make damn sure that you have both the correct email account, the correct phone number, AND know your password. The old 'answer 40 questions' is then ignored so if you get anything wrong you are stuffed.

My suggestion is DON'T enable it, and DON'T use Hotmail or Outlook as your primary email. Just use it for your junk :-) Get a cheap paid for service for a few bucks a year. At least you will get better support as you are a paying customer.

Here's nice the scenario from my last post over at those bastards forums... :

Following my post here :

which has been closed to stop us protesting too much I had contacted Microsoft support.

In essence they tell me that there is nothing they can (or will) do about this problem. I cannot show anyone what they have said as they have without a "by your leave" removed the support request and there is nothing there but a blank page. If I did that to my clients I'd have none left in a week.

So my friends account is locked and they will do nothing to help a LEGITIMATE owner get back to her account, along with contact details that she cannot find anywhere else, and it is down to a flaw in M$ supposedly brilliant two stage authentication rubbish.

So not only have they cost her important information, but friends too - for it is the ONLY place she had their information and now has no way to contact them...

That's fine. She has told me to strip every vestige of Microsoft from every machine that she owns by my estimates that will cost M$ a few pounds. Every little helps as they say :-) It will be my pleasure too.

If they treat you like they have her, then I suggest you do what she did and abandon this bunch of profiteering thugs.

So here it is again. Just so you know.

She is a bit naive with IT and her account had been subject to social engineering attacks from Indians.

But she had least been changing her passwords and made them more and more complicated (I was insulted when M$ told us to forget the old account, open a new one and referred us to a page on creating secure passwords. Try this one that she was using    !54DkEn&sc%   And that isn't secure?)

At some point she enabled two part authentication as M$ encouraged her to do.

At some point when trying to be hacked the Indian had managed to get his phone attached to the account (I haven't tried to replicate how he did it, but it is what happened)

When she then forgot her latest password, she panicked, tried lots of different ones and got locked out of the account.

Now she isn't sure which one is the right one

She then tried password recovery.

Stage one - send and email to an alternative account

Stage two - use the number on the account to receive an SMS. Except it's the wrong number

There is no third option like answer 40 questions (which she has all set up and can remember most of the details)

And there you are. Locked out. She can only do one of the two parts correctly.

M$ support won't help (PLEASE don't tell me again to contact the idiots in support) - they are just another bunch of cheap 3rd world support staff who can barely read, follow the rules, and can't give a damn. We have offered to provide complete positive proof of identity with whatever M$ require etc etc but no, they aren't interested.

So M$ lose even more customers.

Good luck to the rest of you - I just hope you a) don't have an experience like this and b) forget the 2 stage authentication - it's only marketing to get your phone number anyway so they can track you more easily and c) wake up, smell the coffee and find a decent company to work with (I don't include Google in that - they are as bad)

Pam, I did all I could for you. But I told you what they were really like. At least you believe me now.....

No comments:

Post a Comment