• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Installed win10 for friend, Microsoft Security BS ensues

J

JeffMD

Platinum Member
So I helped a friend upgrade from a windows 8 pc she lost the code to, to windows 10 so at least she had something to install from scratch from on (her windows 8 install was getting flaky). In order to get a key I had to tie her installation and pc to a microsoft account. No big deal right? Hah..not a few menus in we get to the alternative secure methods of contact, ANOTHER email address and a phone number. Not something either of us wanted to hand over to microsoft. I reluctantly let her use my social gmail account to get the install done, and pass on the phone number. There is no such thing as spam protection on THAT.

So that was yesterday. We installed windows 10, got it logged in, even mail was configured properly, all was good.
Briz
Today she went to install an app from the store and it says there was an issue with the account logon. Goto the web site, it says the account has been locked for possible compromise as it has apparently been caught violating..SOMETHING.. probably spamming lots of email it said. So how do I unlock it? I gotta give it a phone number!

Wait what? You have my secure email on FILE that you can send numbers too, but instead you will ONLY unlock the account to the person who only needed to login via password on a supposedly compromised account credential, and hands over what ever phone number they have handy? THAT'S TOP NOTCH SECURITY RIGHT THERE, LOU!

the last kick in the balls was immediately after unlocking via phone, it asked me if I wanted to see recent activity, of which THAT required me to verify my security EMAIL. Upon which I see... and this is the full list accept for today's shenanigans,

Successful sign-in (5 events) Yesterday 4:57 PM - 7:06 PM United States
Successful sign-in Yesterday 7:06 PM United States
Successful sign-in Yesterday 6:31 PM United States
Successful sign-in Yesterday 6:31 PM United States
Successful sign-in Yesterday 4:57 PM United States
Successful sign-in Yesterday 4:57 PM United States
Security challenge Yesterday 4:56 PM United States
Successful sign-in Yesterday 4:26 PM United States
Account created Yesterday 4:26 PM United States


6 legit logons and a security challenge was enough to lock an account? How about, saying what it is and MS will lock your junk down without a phone number, period.

Have fun with that Ring+ number I never use, biatches.
 
Last edited by a moderator:
If an organisation thinks your e-mail account has been compromised, why would they consider sending security verifications to it?

it says the account has been locked for possible compromise as it has apparently been caught violating..SOMETHING.. probably spamming lots of email it said.
Click to expand...

This doesn't make much sense: Why would MS know if your email account has been sending spam e-mails? Perhaps your social account had been compromised, the person who compromised it saw the notification saying "new MS account" and decided to try and do something with it, and failed?
 
This topic seems heavily misinformed about two-factor stuff.

Granted, they locked me out of Skype for who knows what reason, and I still haven't been allowed back in. The questions they're asking, I don't think even active users would know the answers to.

At least they're showing you your fishy activity. I have no reason why Skype alone, of all the MS products associated with my account, is suspended. I only use the stupid thing once or twice a year as it is.
 
Last edited:
sweenish said:
Granted, they locked me out of Skype for who knows what reason, and I still haven't been allowed back in. The questions they're asking, I don't think even active users would know the answers to.
Click to expand...

This is something that gets my goat about Google accounts: If you don't have a recovery number to use on your account, they start asking questions like, "when was your account created?", "when did you last sign in to your account", "specify 5 contacts in your contacts list", etc - a lot of my customers are not savvy enough to remember to update their Google account security details in the event of changing phone number, or they have e-mail software to check their GMail account, so the last time they logged in to the Google site was probably the day I or they created the account.

Google account setups used to include security questions and answers - for all their faults, usually if someone picks something sensible, they're very unlikely to forget it unless they go senile or something.
 
mikeymikec said:
If an organisation thinks your e-mail account has been compromised, why would they consider sending security verifications to it?



This doesn't make much sense: Why would MS know if your email account has been sending spam e-mails? Perhaps your social account had been compromised, the person who compromised it saw the notification saying "new MS account" and decided to try and do something with it, and failed?
Click to expand...

..no, you seem to mis understand. The outlook account is owned by microsoft and is used for new windows accounts. THAT was the account locked.
 
sweenish said:
This topic seems heavily misinformed about two-factor stuff.
Click to expand...

And this reply seems heavily misinformed that you should not be asking the people attacking a "marked compromised" account to add a phone number to it to unlock it. -_-

I have two factor authentication on it, its called my personal email. Only a complete failure of security bypasses it by allowing you to add MORE two factor security at the point of compromise! Again, microsoft REQUIRED ME to ADD a phone number when I logged in normally and it prompted me that my account was flagged as compromised. The first thing that needs to be assumed when an account is compromised, is that both logon and password are now known by the attacker! Letting them add phone numbers to unlock it is beyond retarded.
 
JeffMD said:
In order to get a key I had to tie her installation and pc to a microsoft account.
Click to expand...

Did you seriously install the Insider Preview builds for someone who doesn't know what they're doing? It's the only version of 10 that requires an MS account.

Completely unecessary, if so. If Windows 8 was reporting itself as genuine, the regular ISO would have used her 8 key automatically. And you wouldn't have had to create an online account.

And did you just do an upgrade, so she could keep her files? I've never read many people complain that Windows 8 was unstable. I know it's possible, but nearly all complaints about 8 were about the aesthetics and not the stability of the OS. Quite the opposite, in fact. It sounds more like the computer was infected if it was acting up. If not a virus or something really malicious, just a bunch of adware that gets in the way. And now you've given it an online account.
 
I like others, am confused.

Could she not log into her computer before?

I don't see what her install has to do with having a code for Windows. The upgrade to 10 takes the code that's already there to validate, and then it is done with the Windows 8.1 code. It never asks the user for it.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top