1. Mluckett2's Avatar
    Looking for help with my hacked account. I was hacked and my Windows Live ID, XBox Live ID were both changed. It's been 15d and I'm still waiting on the MS support team to do something. I have called 12/15d and gotten the same answer that they're working on it. But the phone support folks aren't the unauthorized access team, and they can't do a thing. I'm very frustrated and hoping someone can help. I've been locked out of my primary email and unable to use my LG Quantum for 3 weeks! Since I have no login, it means no Marketplace, updates, etc!
    05-22-2011 10:20 PM
  2. Muessig's Avatar
    The only thing I can really suggest is to keep phoning or emailing or whatever you can to contact them to make yourself a nuisance to make them get to the bottom of it quicker.
    04-26-2013 06:29 AM
  3. LanunReviews's Avatar
    There's a reason why two-factor authentication is awesome, and why Microsoft sucks. Despite all their talk about implementing it for their outlook accounts, I have yet to receive that option. Until it's present and works, I'll be sticking to google's services.
    04-26-2013 06:58 AM
  4. HeyCori's Avatar
    There's a reason why two-factor authentication is awesome, and why Microsoft sucks. Despite all their talk about implementing it for their outlook accounts, I have yet to receive that option. Until it's present and works, I'll be sticking to google's services.
    Have you looked under account settings? It may already be there.
    04-26-2013 07:30 PM
  5. LanunReviews's Avatar
    Their implementation is crap and buggy. I just bypassed the 2 factor authentication somehow using a different browser from my main, in incognito mode despite never having logged in from there and despite them sending the code to my phone, I never had to enter it. Imagine if I were using my outlook/live account for banking or gaming (steam/blizzard) activities. Imagine what kind of havoc that would wreak upon my finances or gaming accounts if someone could login with just my password. Until their system works, gmail is gonna be my mainstay account. I want to be able move over permanently to outlook but their implementation leaves much to be desired especially if they can't even stop someone from using my computer to view my email even after logging out (google requires me to input a code if I logout on my computer and they use cookies to verify the two-factor authentication for "Don't ask for codes again on this computer ", I have no idea what Microsoft is using but it sure ain't cookies).
    04-27-2013 09:46 AM
  6. HeyCori's Avatar
    Their implementation is crap and buggy. I just bypassed the 2 factor authentication somehow using a different browser from my main, in incognito mode despite never having logged in from there and despite them sending the code to my phone, I never had to enter it. Imagine if I were using my outlook/live account for banking or gaming (steam/blizzard) activities. Imagine what kind of havoc that would wreak upon my finances or gaming accounts if someone could login with just my password. Until their system works, gmail is gonna be my mainstay account. I want to be able move over permanently to outlook but their implementation leaves much to be desired especially if they can't even stop someone from using my computer to view my email even after logging out (google requires me to input a code if I logout on my computer and they use cookies to verify the two-factor authentication for "Don't ask for codes again on this computer ", I have no idea what Microsoft is using but it sure ain't cookies).
    While Microsoft's implementation isn't perfect, neither is Google's. Here's but one known issue with Google's 2 factor authentication. That article was posted two months ago but people have been finding ways to bypass Gmail's 2 factor authentication for over a year. And while holes do get fixed (thankfully) it would be a lie to call Google's system flawless. Plus it's not just Microsoft/Google with problems. PC Mag just had an article explaining that 2 factor authentication wouldn't have helped the AP's recent Twitter hack.

    If you really want to secure your Microsoft Account then I suggest using all 3 security features.

    Aliases
    2-Factor authentication
    Single use codes
    04-28-2013 06:02 AM
  7. palandri's Avatar
    Then again, individual protection means nothing if the server itself is hacked.
    04-28-2013 08:22 AM
  8. Ivanr53's Avatar
    Then again, individual protection means nothing if the server itself is hacked.
    Yes this is also true.The secret to being reasonably safe is a decent/regular password changes, not using doubtful hotspots and internet caf PC's to access your Outlook.com account. This is just the basic principals. Until Ms has resolved their implementation issues with their authenticator etc. stay away.
    04-29-2013 06:17 AM
  9. LanunReviews's Avatar
    While Microsoft's implementation isn't perfect, neither is Google's. Here's but one known issue with Google's 2 factor authentication. That article was posted two months ago but people have been finding ways to bypass Gmail's 2 factor authentication for over a year. And while holes do get fixed (thankfully) it would be a lie to call Google's system flawless. Plus it's not just Microsoft/Google with problems. PC Mag just had an article explaining that 2 factor authentication wouldn't have helped the AP's recent Twitter hack.

    If you really want to secure your Microsoft Account then I suggest using all 3 security features.

    Aliases
    2-Factor authentication
    Single use codes
    If you've already the article you posted, you would know that it would have prevented the incident, but shoddy reporting instead claimed that 2 factor (and authorized devices) would take too much effort and people wouldn't use it, despite the fact that authorized devices would be able to login indefinitely until cookies are cleared.

    I would have to either IM or call my colleague who "owned" the account to get the two-factor code. Or I didn't have to log in for 30 days because my laptop was an authorized device, but now it's the 31st day. And the weekend. Imagine the potential social engineering minefields.
    Like I said, lazy reporting. Here's one of the claims. Unless you have access to all the authorized employees' numbers and could spoof it or fake their voices (doubtful) to the person with the phone or authenticator, there's just no way you'd be able to social-engineer your way through that paper bag. Adequate security measures would always prevent most "hacking" incidents from occurring unless of course they're due to a security hole in the system, which in most twitter hacking cases, are not.
    04-29-2013 01:36 PM
  10. HeyCori's Avatar
    If you've already the article you posted, you would know that it would have prevented the incident, but shoddy reporting instead claimed that 2 factor (and authorized devices) would take too much effort and people wouldn't use it, despite the fact that authorized devices would be able to login indefinitely until cookies are cleared.
    I wasn't using it as an example that 2-Factor is broken. After all, I can't comment on Twitter having a broken system if they don't even use it. I only used it to show that 2-factor authentication is not an end-all-be-all. You still have to be on your toes.
    04-29-2013 03:19 PM

Tags for this Thread

LINK TO POST COPIED TO CLIPBOARD