I always find the various authentication experiences to be more annoying than reassuring, but until now I've always managed to defeat whatever bizarre scheme a web site has created.
Yes, I'm fan of "Reset Password."
Microsoft though has stopped me dead by refusing me access to an outlook.com [account] even though I have the email address and password.
About three years ago someone established an outlook.com email for an organization. They passed the login info on to me. I subsequently just accessed it via Gmail for the next two years.
Today I tried to log in to outlook.com make some changes. They apparently feel that I am not who I say I am and demand some kind of "authentication."
After a half an hour of repeatedly submitting "Verification Forms" (Names, Birthdate, City, Postal Code, Captchas, Previous passwords....," entering numerous PINs, and generally jumping through hoops, I have concluded that I will never ever access this account again.
Best of all the email quoted below offers no way that I can appeal this to some kind of living being.
Is this the worst authentication disaster ever? Is there any logical reason why you would make it impossible for your customers to ever recover an account?
[Continues...]
We recently received a request to recover your Microsoft account *****@outlook.com. Unfortunately, our automated system has determined that the information you provided was not sufficient for us to validate your account ownership. Microsoft takes the security and privacy of our customers very seriously, and our commitment to protecting your personal information requires that we take the utmost care in ensuring that you are the account owner.
Please submit a new account verification form
At this point, your best option is to submit a new form with as much accurate information as you can gather. The more information you can include in the form, the better the chance you'll have of regaining access to your account. We've included a few tips below to help you fill out the form as completely and accurately as possible.
> Submit a new form
Helpful tips for filling out another form:
Answer as many questions as you can.
Use the information you provided when you created the account, or last updated it.
Submit the form from a computer you frequently use.
You will be asked to list recently used email addresses and the subject lines from recent emails. Ask for help from family members, friends, or business contacts to confirm their email addresses and tell you the subject lines of the last three emails they sent you.
Make sure to use the correct domain for your account, such as hotmail.com, live.com, or outlook.com. Keep in mind that your email address may be country specific. For example, if you created your account in Sweden, your domain would be "hotmail.co.se" rather than "hotmail.com".Ready?
> Submit a new form
Thank you,
Microsoft Support TeamMicrosoft Corporation
One Microsoft Way
Redmond, WA 98052
USA
(Score: 5, Insightful) by aristarchus on Sunday September 25 2016, @10:48AM
Best of all the email quoted below offers no way that I can appeal this to some kind of living being.
Translation: "This time social engineering will not work."
But fear not, our Dear Apple-buyer! You have been done a favor by being refused Outlook. Everyone who has not knows this only too well. So enjoy your good fortune, and bitch about it not.
(Score: 5, Insightful) by SDRefugee on Sunday September 25 2016, @01:36PM
Its simple: This is Microsoft we're talking about here... What the HELL do you EXPECT?? Any company thats so "teflon-covered" to manage to skip past the anti-trust lawsuits in the 90s, and who, lately, has made it clear that "Your computer is NOW OUR COMPUTER" by their heavy-handed antics with the turd that is Windows 10, you *should* kind of EXPECT this type of behavior...
America should be proud of Edward Snowden, the hero, whether they know it or not..
(Score: 5, Informative) by davester666 on Sunday September 25 2016, @06:49PM
google did this to several of my gmail accounts. I've got the user name and password (a decent length random string of letters and numbers), and google won't let me log in, without entering a phone number to 'verify' my account (not the usual thing where you can click "no thanks") and it NEVER was given one
(Score: 5, Insightful) by BsAtHome on Sunday September 25 2016, @11:15AM
(the following may read as cynical, but seeing how organizations think and work makes me just wonder)
No more access to your own data? Someone "misplaced" or "misappropriated" part of your data? This is by no means a single problem. All cloudy services suffer the same problem. You have given control of your stuff to a third party and they set the rules. And the rules are for them to decide upon without any (effective) recourse. I do see the "it is easy" argument. However, the drawbacks are many and fundamental. You have given away your control at any level. You get exactly what you ordered/payed for and then some.
It is rather pointless to complain about the "cloud" or blame its operators because it provides you exactly with what you ordered: loss of control. Whining about it does not help. You are still responsible for the mess because you accepted a promise of getting a herd of unicorns and did not think twice.
I do see the problem of non-techies having to cope with technology. But trusting a third party, with a tremendous power, to keep you and your data at the center of their focus is naive at best. All these third parties are in it for the money. If you get burned, well, you apparently didn't transfer enough funds to that third party to have you treated like the customer is king. The balance between being a customer or the product is related to the price you pay.
As usual, big players don't care about the little customer. Small players do better, but they are way more expensive. The only way to have control over the system and content is to do it by yourself locally and it'll be expensive. Old network wisdom (paraphrase as needed for the right choices): choose between "Good, Cheap and Fast", pick two, you cannot have all three.
(Score: 2) by mcgrew on Sunday September 25 2016, @04:25PM
I'd mod you up if you weren't already at five. That's exactly why I bought a 3 TB network drive. Its only disadvantage to "the cloud" is that I can only access my data at home.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 5, Insightful) by NotSanguine on Sunday September 25 2016, @05:49PM
That's exactly why I bought a 3 TB network drive. Its only disadvantage to "the cloud" is that I can only access my data at home.
It doesn't have to be that way. this is a starting point [howtogeek.com]. Well, okay, it could be, but it was just the first relevant link in a google search for "Openvpn through home router" but it should give you an idea.
I hope it helps.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by PocketSizeSUn on Monday September 26 2016, @12:00AM
Hmm... Isn't that what 'owncloud' is for?
Making your local data available to you via your own 'cloud' setup so you can do all the upload/download/share stuff?
(Score: 3, Insightful) by NotSanguine on Monday September 26 2016, @12:31AM
Hmm... Isn't that what 'owncloud' is for?
Making your local data available to you via your own 'cloud' setup so you can do all the upload/download/share stuff?
And since Owncloud [owncloud.org] requires exposing a LAMP [wikipedia.org] stack and any data you wish to share to the Internet, you take on the risk associated with any bugs/vulnerabilities in the LAMP components that are extant or will become so.
OpenVPN gives you the ability to terminate SSL connections with strong encryption/authentication and tunnel whatever you want. This allows remote access as well as file sharing. What's more, it does not require you to change how you currently share data internally.
Moreover, if you want to competently administer Owncloud (LAMP) components, you will likely need to learn a bunch of new stuff, assuming you don't already have Linux, Apache, MariaDB and PHP running in your environment -- which is a good bet for most folks in a home environment.
With OpenVPN, you learn/implement that and can then continue managing your home environment in exactly the same fashion as you always have.
In an environment where you already have those components, whether that's because you have technical skills and run that stuff at home, or you're managing just file sharing for an organization of various sizes [owncloud.org], Owncloud may well make sense. Otherwise, not so much.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by HiThere on Monday September 26 2016, @12:39AM
Well, computers aren't that expensive. Run owncloud and nothing else on that computer, and do your work on a different computer. Takes a bit of space, but you can use a pretty small computer.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by HiThere on Monday September 26 2016, @12:43AM
P.S.: Set up the system with enough RAM and boot from a LiveDVD, that way your system can't get hacked. You'll have a bit of extra work whenever some of your software needs to be patched, but since you aren't running much on it, that should be infrequent. Alternatively you could mount the system partition as read only, but you'll need to do a bit of configuration as /tmp, e.g., is usually a part of the system partition. Also this isn't quite a secure as partitions can be remounted (though I've never tried to unmount and then remount the system partition).
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 3, Informative) by NotSanguine on Monday September 26 2016, @01:38AM
P.S.: Set up the system with enough RAM and boot from a LiveDVD, that way your system can't get hacked. You'll have a bit of extra work whenever some of your software needs to be patched, but since you aren't running much on it, that should be infrequent. Alternatively you could mount the system partition as read only, but you'll need to do a bit of configuration as /tmp, e.g., is usually a part of the system partition. Also this isn't quite a secure as partitions can be remounted (though I've never tried to unmount and then remount the system partition).
Absolutely. And since OpenVPN has turnkey Live CD/USB [turnkeylinux.org] distributions, it's pretty much a no-brainer.
Owncloud is a file sharing platform. It allows you to up/download files sercurely.
OpenVPN allows for remote access (e.g., VNC, RDP, ssh, etc.), client queries against internal servers (e.g., LDAP/AD, access to internal web servers, etc.), printing, and on and on. It is, after all, a VPN which allows you to tunnel arbitrary traffic.
OpenVPN -- smaller resource footprint, smaller knowledge footprint, greater functionality
Owncloud -- larger resource footprint, larger knowledge footprint, less functionality.
Hmmm....Which should I use?
As a simple-minded comparison, note the dependencies (see below) required for each platform:
OpenVPN requires appropriate network device drivers, OpenVPN and its supporting packages/libraries:
Owncloud requires Apache, MariaDB and PHP and all the supporting packages/libraries that go with it.
Owncloud has it's own set of dependencies as well [owncloud.org]:
Apache dependencies:
MariaDB dependencies:
PHP dependencies:
(Score: 2) by HiThere on Monday September 26 2016, @04:16AM
OK, I was speaking out of general principles. You appear to have domain knowledge.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by NotSanguine on Monday September 26 2016, @12:54AM
Well, computers aren't that expensive. Run owncloud and nothing else on that computer, and do your work on a different computer. Takes a bit of space, but you can use a pretty small computer.
The issue isn't hardware, it's security (you're terminating SSL tunnels with strong authentication and that's all) and usability (can your Aunt Celia* do Linux, web and DB admin?).
Owncloud is not (unless you pay their commercial end) a turnkey solution (in which case, you're using 'someone else's servers' which pretty much negates the value of the product for home users). What's more, before you can even consider installing/configuring/managing/using Owncloud, you need to be at least minimally competent at installing/configuring/managing/using a LAMP stack.
OpenVPN on the other hand, has a much narrower knowledge footprint and allows for significantly more functionality. And it will run on a pretty small computer (in fact, you can even install it, although I wouldn't recommend it, on your DD/Open-WRT device).
*This assumes that you have an Aunt Celia.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by PocketSizeSUn on Monday September 26 2016, @10:36PM
You seem to be under the impression that each option provides all of the solutions of the other but I really don't see it that way at all.
I already run OpenVPN. I would however run OwnCloud to get the easy of use and seamless integration of having a remote cloud option to upload/download/share. Sharing seems to be messy if you idea of share includes providing some sort of VPN access to untrusted parties.
Besides for the truly lazy, like myself, accessing data remotely is much easier (safer?) via ssh. (pubkey only thx).
See Aunt Tilly doesn't have to run her own 'cloud' ... me and Aunt Tilly only have to trust *each other* enough for her to use the cloud bits I am providing. This whole discussion about Cloud has far more to do with trust and trust of the provider than it does over if to Cloud or not to Cloud. We dump crap on the cloud because it is convenient. Some of us do it ourselves because we are paranoid, or control freaks, or just too cheap to pay some else to admin something we can do ourselves.
Conflating the complexity of LAMP is really silly, this is supposed to be frequented by technical people, after all. I spent more time dual homing OpenVPN than I did custom tweak my last LAMP deployment.
(Score: 2) by NotSanguine on Monday September 26 2016, @11:11PM
You seem to be under the impression that each option provides all of the solutions of the other but I really don't see it that way at all.
I'm not under that impression at all. As I said in other posts several times, OPenVPN allows you to tunnel arbitrary traffic and Owncloud allows you to share files.
Moreover, OP was complaining that *he* (not others) couldn't access his own files remotely.
If you want to *share* files with other people, that's a different issue/question.
See Aunt Tilly doesn't have to run her own 'cloud' ... me and Aunt Tilly only have to trust *each other* enough for her to use the cloud bits I am providing.
True enough, but I wasn't talking about the client bits for Aunt Celia, rather the server bits.
As I said (not sure why I have to keep repeating myself with you):
In an environment where you already have those components, whether that's because you have technical skills and run that stuff at home, or you're managing just file sharing for an organization of various sizes [owncloud.org], Owncloud may well make sense. Otherwise, not so much.
As such, I wasn't trying to discredit Owncloud for the functionality it provides, rather pointing out that if your skill set and use case (as is true for *most*) doesn't align with Owncloud, it's not such a great solution. This situation is true for most people.
Conflating the complexity of LAMP is really silly, this is supposed to be frequented by technical people, after all. I spent more time dual homing OpenVPN than I did custom tweak my last LAMP deployment.
Is it? I didn't see any technical competency requirements when I signed up for my account. Perhaps they've changed something in the meantime. Your knowledge/use case is important and worthwhile. To you. Why are you assuming that either everyone else is just like you, or that everyone else doesn't matter? Are you really that self-absorbed?
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by PocketSizeSUn on Tuesday September 27 2016, @01:31AM
Ah yes. Trolling away I see.
Just waiting on my bisect so I've got time to waste with you.
I'm not under that impression at all. As I said in other posts several times, OPenVPN allows you to tunnel arbitrary traffic and Owncloud allows you to share files.
As does ssh. Which depends on ... wait for it ... libc.
And the configuration is ... literally nothing. The provided config file is the default values when no config is specified.
Back to the SUBJECT at hand which is "That's cloud for you". Which to me kind means we are talking about cloud options.
If this was various was to get remote access to your files then your OpenVPN ranting may have a place. As it is you shutdown other posters with your arrogant attitude and your strawman arguments.
Basically nobody effin' cares about how deep the dependency tree is on a modern distribution. That's what the package manager is for after all. Also nobody really cares that one solution is a complex C/C++ program and the other is collection of scripts sitting on top of a stable collection of C programs. What people care is does it do the job and how difficult is it to get started. I pre-requisite of 'does it work' is rather moot at this point.
The reality is that setting up an OpenVPN server has about the same number and level of considerations as setting up an ownCloud server. Both expect a certain level of understanding of certificates and domain names as well as who is allowed to connect over what security scheme. This is basic multi-user remote connected security stuff, if it freaks you out, go back and setup a ssh-server. Besides which deploying OpenVPN for point to point access is just really overkill and if you want to keep sidestepping around using OpenSSH vs OpenVPN for the *same task* then you are either delusional or a shill. What were are talking about here is OpenVPN server setups because that's how your remote OpenVPN clients (Laptop/Android phone/Office computer etc) are going to gain access to your personal data, presumably sitting in your home. Pretending that OpenVPN server setup is magical and Aunt Tilly can do it with the click of button is really disingenuous beyond disbelief so I have to assume that you are either a clueless wanna be or actually shilling for or against something. Since the client options and server options have to line up (Auth and Certs) there is not really a one-size-fits-all solution. Perhaps you working for an OpenVPN service provider?
I use OpenVPN *client* because some protocols prefer to run over udp and tcp servers don't tunnel that very well. I *know* that OpenVPN client setups are a multi-step non-trivial process without adding the extra complexity of multi-homing.
Well you seem to think I should be reading every post you've ever made so ...
Based on:
OpenVPN allows for remote access (e.g., VNC, RDP, ssh, etc.), client queries against internal servers (e.g., LDAP/AD, access to internal web servers, etc.), printing, and on and on. It is, after all, a VPN which allows you to tunnel arbitrary traffic.
And:
Is it? I didn't see any technical competency requirements when I signed up for my account. Perhaps they've changed something in the meantime. Your knowledge/use case is important and worthwhile. To you. Why are you assuming that either everyone else is just like you, or that everyone else doesn't matter? Are you really that self-absorbed?
I understand that while soylentnews does not require any sort of geek-cred to sign-up, as clearly you have, it does cater to said crowd. I also find it telling that you don't even seem to understand what OpenVPN is and what it is not and yet you are happily blasting HiThere out of complete ignorance of you own position.
Hint: OpenVPN bridges networks, ssh tunnels. Ssh can quite happily tunnel VNC, RDP, access internal web servers, printers, and pretty much anything else that talks over tcp.
For the very lazy and cheap there is already a Raspberry Pi build for ownCloud so McGraw can drop a Pi in front of his 3TB drive and access it anywhere and not have to worry about a lost password.
In fact I have an idle wandboard next to me .. I think I'll set that up just for fun I've got a bunch of 2TB drives that are too small for anything else.
(Score: 2) by NotSanguine on Tuesday September 27 2016, @03:28AM
Ah yes. Trolling away I see.
Just waiting on my bisect so I've got time to waste with you.
troll (n) [urbandictionary.com]:
Not sure how that applies to my posts, but go right ahead. You're definitely on a roll.
Basically nobody effin' cares about how deep the dependency tree is on a modern distribution.
That's often true. However, I was responding to HiThere's point about Owncloud not needing a big footprint. That is true, but OpenVPN's footprint is smaller. Do you dispute that statement, or are you just trying be contrary?
I also find it telling that you don't even seem to understand what OpenVPN is and what it is not
I'm sorry, what gives you that impression? OpenVPN (which I've implemented on a number of occasions), as well as other VPN implementations (whether they're based on SSL/TLS, IPSec or if you're old enough to remember such things, PPTP) many of which I've implemented and managed over the past 25 years provides an encrypted channel through which data can be passed without eavesdropping, across untrusted networks.
Hint: OpenVPN bridges networks, ssh tunnels. Ssh can quite happily tunnel VNC, RDP, access internal web servers, printers, and pretty much anything else that talks over tcp.
OpenVPN can be used to connect disparate networks. It can also be used by single computers to connect into a centralized network. In fact, OpenVPN servers can do both at once. In case you're not following along, the former functionality can be used to bridge [wikipedia.org] disparate networks, but such bridging is useful (at least these days) only in some bizarre edge cases.
SSH can tunnel traffic as well. However, that doesn't invalidate the use case for OpenVPN.
I'm not sure what's gotten a bug up your ass about this. Everything I've said is not only accurate, but also viable and useful. Yet you seem to be rather contrary about the whole thing.
As such, I'm going to leave it at that since you seem to just want to argue and I'm sick of repeating myself for you.
Kisses, darling!
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Informative) by NotSanguine on Monday September 26 2016, @12:08AM
Here are some better links:
OpenVPN on Ubuntu [madisonlinux.org]
OpenVPN on Linux Mint [purevpn.com]
OpenVPN on Fedora [fedoraproject.org]
OpenVPN on Open-WRT [openwrt.org]
OpenVPN on DD-WRT [dd-wrt.com]
OpenVPN on Windows [openvpn.net]
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by DECbot on Monday September 26 2016, @06:14PM
OwnCloud and OpenVPN both work, but the simple way is using ssh/scp. I have a 7-year-old linux box that runs ssh and samba. I keep samba for my private network and use scp clients for when I'm away from home. I've made it even easier by getting a static IP from the ISP and then forward port 22 to my file server.
cats~$ sudo chown -R us /home/base
(Score: 2) by bzipitidoo on Sunday September 25 2016, @12:08PM
Well I can't use a Facebook account I set up with fake information even though I have the correct password and access to the email account I associated with it. Been locked out for at least 2 years now.
Somehow, Facebook decided the account was being misused and locked it. It will not unlock until I provide whatever birth date I gave it. When I set it up, I just made up a random date and didn't record it anywhere, not expecting Facebook would one day try to use that for authentication. I thought maybe I could recover the birthday by checking that account's connections to see when FB nagged them about my upcoming birthday, but no, I had set it to private. I tried to guess the birthday, but Facebook will not allow more than 3 attempts per hour. Tried a few hundred guesses, no luck, and ran out of patience. It could be broken with more attempts, but not worth it. Best I can do is delete the account and start a new one. Pretty annoying to get spam from FB about how I haven't logged in in a while. No shit, FB! At least I was able to unsubscribe from such messages.
(Score: 3, Touché) by Username on Sunday September 25 2016, @01:40PM
January 01 1970
(Score: 5, Informative) by Marand on Sunday September 25 2016, @01:56PM
Tip for the future: if you're going to put bullshit info in an account, record it somewhere!
What I do is make an encrypted file and write the fake info down, so that I can respond with whatever insane data I gave during account creation. I started doing this because of the prolific use of "recovery questions", which I've always hated. Using honest answers is a huge security risk, and sometimes using gibberish will result in you later being asked to answer it at weird times, like to update other account settings. As a workaround, I started recording the gibberish in a safe file so that I can get to it later if it ever becomes necessary.
(Score: 3, Interesting) by mcgrew on Sunday September 25 2016, @04:29PM
The same thing happened to my mcgrew@gmail.com address.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 3, Interesting) by Aiwendil on Sunday September 25 2016, @04:50PM
Create a half dozen dossiers with information that you always use to lie in forms. My oldest alias is a german man two years older than me that loves to travel, works with agriculture and has a german sheppard named Max.
Let's just say in the 15 years I've been using that profile it has become quite complete and actually gets more invitations to tradeshows event than I do :)
My youngest profile only has six years running so far - it's a dutch dockworker :)
(Score: 2) by bzipitidoo on Sunday September 25 2016, @07:00PM
Yes, I've started doing that.
They are getting more sophisticated at rejecting fake info. I didn't know the zipcode I pulled out of the air doesn't exist, and several times now, sites have rejected the fake info over that. Fake street names and phone numbers can be rejected. Found it was easier to pick a real address with a real phone number.
Why site owners bother with such checks I'm not sure. They want traffic, and don't care if someone is faking some info. Maybe advertisers forced it on them.
(Score: 1, Informative) by Anonymous Coward on Monday September 26 2016, @01:19AM
The only reason to require a phone number is for tracking purposes. For the people who collect personal info for tracking reason, the phone number is GOLD. Everything else is considered less than, and this goes even more so in the age of cell phones because many people share addresses or move often but cell phone numbers are often individual people and don't change as often.
(Score: 2) by Aiwendil on Monday September 26 2016, @06:26AM
Tgat 15 year old profile has the zip-code and adress of a park in Lübeck (in most modern countries adresses are often assigned decades ahead of development at stretches of roads, they are excellent to use to lie with), and it always refuses to enter a phone number (virtually all pages has a non-obvious "skip" option).
As stated - over time it becomes very complete..
(Score: 3, Interesting) by aclarke on Monday September 26 2016, @01:11PM
(Score: 2) by lizardloop on Sunday September 25 2016, @12:17PM
I had a bunch of Outlook email addresses I was using for various purposes and ended up locked out of a couple of them. I forgot the passwords to some of the lesser used ones. Tried doing all the password reset stuff but then it wanted to tie the accounts to a phone number. My number was already tied to the other accounts and in the end I just started using another mail provider.
I used to have tons of free email addresses but most of the providers are now insisting on having a valid mobile phone number which makes this somewhat more difficult.
(Score: 3, Interesting) by Arik on Sunday September 25 2016, @12:17PM
So that was good, time to get rid of yahoo anyhow.
Outlook is possibly the worst email provider, seems to be even worse than yahoo, if that's possible. I'm sure there's a short term convenience reason to be using it but long term you'll always be better off without it.
If laughter is the best medicine, who are the best doctors?
(Score: 4, Interesting) by bzipitidoo on Sunday September 25 2016, @03:51PM
What should people do for email, if not Google, Yahoo, or Hotmail? If you run your own email server, you still need an email address, and that's a pain, to say nothing of dealing with dynamic IP addresses. Don't want my contacts having their emails to me bounced because they arrived in between an IP address change and the updating of the DNS. Too often, I've had DNS services change terms on me. Not that email providers don't do the same. Used to use dyndns. Lot of routers had autorenewal capabilty for dyndns and a few others baked in. Also have to deal with spam yourself.
Maybe the post office or other appropriate government organization could be created or brought into this, give some stability to email addresses. Why can't I be JohnSmith1042@citizen.us now, and 50 or 100 years from now?
(Score: 4, Informative) by Max Hyre on Sunday September 25 2016, @11:18PM
For me, the best part is my account is the catch-all for the domain, so I can give out a different e-mail address for every contact (other than friends and family :-), with said contact's name it it, so I know who's behind every incoming e-mail. It also clues me in when an organization's sold me out or been hacked—I start getting unrelated mails sent to that correspondent's address.
Of course, I've always wanted to set up my own e-mail server (like Hillary?). Maybe someday.
(Score: 2) by Mykl on Monday September 26 2016, @01:16AM
Same here - my email address used to be tied to my ISP, but I had to ditch that when I got sick of their crap.
I shelled out for a domain name and hosting service and have never looked back. Not only do I get to fully control my own email accounts, I can set up and maintain as many as I like. It also comes with web hosting and personal storage too, though that's a lot less useful since the advent of DropBox etc.
(Score: 1, Interesting) by Anonymous Coward on Sunday September 25 2016, @12:24PM
I've not tried this so no idea if this will work, but these are my thoughts if I was in your shoes.
I presume the account is locked or something if it won't let you in even with password.
If you've provided _absolutely_ _everything_ the form asks for, you are 100% sure it is all correct, and they still won't grant access, have you tried other methods of contact? The email you received may not give away anything what these are, it's automated after all, but try things like googling (or binging? doesn't sound right) for support telephone numbers. What about a traditional letter in the post explaining the situation in depth? Might help if it's recorded delivery, and sent from a solicitor or something so it looks Really Serious if it's that important to you. The information you provided being 100% correct is important though e.g. are you sure the birthdate provided is the correct one on their file, assuming this is a business account not a personal account (though nothing stopping personal accounts having non-accurate birthdates too - I've forgotton the birthdates of some of my accounts which in hindsight, I should have written down, were I ever to end up in the same position as you).
If all the data you've provided is correct, you may be some random edge case the automated recovery tools cannot cope with, or something is missing between the verification instructions you have, and what checks actually goes on behind the scenes - maybe there are checks of country of origin of requests by the IP address, or some random secret court order/NSA request causing the block.
How important is the account to you, and how much effort/time/money are you willing to spend to regain access?
(Score: 4, Insightful) by martyb on Sunday September 25 2016, @12:56PM
You have the account ID and password, and it won't let you login. I understand your frustration as it sounds pretty stupid, right?
Consider the case that someone, whether by phishing or some other means, was able to get your account ID and password and was trying to access your account. The e-mail provider detects 'unusual activity' with the account (coming from a new location, say) and is trying to protect against an account breach. How can they protect their users? If you were in the position to set up such a system, one which has millions of accounts, how would you set things up? Especially considering that the user is paying nothing for the service. At some point for the provider, a few lost accounts is cheaper than paying for an army of people in a call center — especially when an error in enabling access when they should not have has non-zero costs, too. "Can you believe those tech-monkeys gave access to my account to somebody else! Such morons!"
Not quite so black-and-white, as I see it.
I am, by no means, trying to exonerate Microsoft but just trying to point out a different perspective.
Wit is intellect, dancing.
(Score: 1, Insightful) by Anonymous Coward on Sunday September 25 2016, @01:16PM
Have to remember to turn off my phone email everytime i head to some off the path place or I end up locked out of gmail & social media. Since i generally use a local sim to avoid insane roaming charges and i dont want to share my phone details anyway. I cannot remedy it until i get home which could be months away. Its a total pita. Hell i got locked out of an account because i accidently joined my neighbours wifi once. :/
(Score: 0) by Anonymous Coward on Monday September 26 2016, @01:32AM
I don't understand stories like that at all. My family and I have had accounts broken into from all sorts of places. As late as six months ago, one had their gmail account, which they only logged in to from their static home address, logged in to and password changed by someone in India. Had to jump through hoops to change it back. Same with a Twitter account. Maybe providers just hate my Bible Belt conservative family.
(Score: 3, Interesting) by Marand on Sunday September 25 2016, @01:49PM
This is my first place entry only because it literally made authentication impossible:
One time, I attempted to sign up for an account on a site (from a large company that should know better) using an email of format foo+bar@example.com. I do this often for filtering purposes, plus a better idea of where spam comes from if I suddenly start receiving it. Sometimes the + causes problems during signup, but this time it went through without a hitch. Account made, email verified, no problems; couldn't be easier, right?
Wrong. Everything was fine up until the point that I had to actually log into the site with that email/pass combination. The account was created, details locked in, but attempting to login with the email address was met with errors. The form itself didn't have a problem with the +, but whatever email/pass validation they did on the backend broke with the + and crapped out errors.
Best part is the account existed as I'd given it, even though the login process couldn't handle it. I couldn't create it again with same name, couldn't use same additional information during creation ("this name already exists" type shit), couldn't do any sort of account change or recovery.
TL;DR: sign-up and sign-in worked completely differently on the back end, so it was possible to create an account that was considered invalid by the login checks. Good job, guys.
Second place would be when I needed to change some personal information for an online game's account. Damn thing got locked for the duration of the process, which took forever, and I had to provide a ludicrous amount of personal information to prove my identity. Surprised they didn't ask for DNA samples. It took more effort to fix that than it usually takes to prove identity for banks, jobs, etc. For a fucking game. I would have told them to piss off if it hadn't been a gift that'd already been paid for.
(Score: 3, Interesting) by Chromium_One on Sunday September 25 2016, @02:02PM
Yeah, no.
the address+foo@ is a nice idea, but I don't see the point. Bad actors who resell email addresses can very easily strip the +foo or any periods from the username filed of your address. Personally I'd rather just generate a new address that directly identifies the org that's getting it. Variants on "companynamebilling@mydomain" is good enough for about everything.
When you live in a sick society, everything you do is wrong.
(Score: 2) by Marand on Sunday September 25 2016, @02:46PM
Who says they're mutually exclusive? Making a separate account for every sign-up ever is unnecessary overkill, so I mix the two ideas.
I have multiple accounts I use, but I also use the +foo thing along with it so that I don't have to check (and manage) dozens of separate accounts. I can have, say, one email for forum type junk and add +sitename to further separate and identify, then do the same thing for a different account dedicated to communication stuff (IM accounts, stuff like that), and so on.
You're right that people can strip the +foo but few (if any) actually do, so it provides easy sorting because I can filter on the incoming address instead of the sender address (which I've noticed sometimes changes as the sender changes their infrastructure, or outsources mailing list duty to another company, etc.)
(Score: 0) by Anonymous Coward on Sunday September 25 2016, @03:49PM
Use something like foo99bar@example.com.
There's lots of software that filters for proper email addresses, and many of them work slightly differently. So if you push the envelope you're asking for trouble.
(Score: 2) by Chromium_One on Sunday September 25 2016, @04:52PM
Why not a new address per account? It's a bit more record keeping for new signups, but not much once you've got a system set up. Any new address is forwarded to (or mail alias is created for) your main address, one filter rule per address to sort to an appropriate folder, done.
When you live in a sick society, everything you do is wrong.
(Score: 2) by Marand on Monday September 26 2016, @04:18AM
Mostly just convenience. If I decide I want to sign up for something I don't have to stop and go set up a mail alias in the middle of it, I just stick a +string on there during sign-up and I'm done. I could get similar behaviour making an address act as a catch-all so that mail to any un-created addresses goes to that one, but I've never liked doing that.
So, I do +foo most of the time because it's fast/easy, then switch to separate addresses if it fails for some reason.
(Score: 2) by Whoever on Sunday September 25 2016, @05:00PM
While this is true, it assumes a level of competence that is not typical among spammers. I run my own domain/MTA and, having registered foo+bar@mydomain style addresses with websites, my MTA gets attempts to send emails to bar@mydomain. Somewhere along the line a script has tripped up on the "+" character.
I have also seen the problem that I can register the foo+bar@address, but not log in with it. In the most recent case, this login problem only applied to the Android app: I was able to log into the website with the foo+bar@ address.
(Score: 1) by ewk on Monday September 26 2016, @10:31AM
"...my MTA gets attempts to send emails to bar@mydomain. Somewhere along the line a script has tripped up on the "+" character."
And if it trips on the part before the '+', email is sent to 'foo' :-)
So that attempt never even reaches your MTA anyhow :-D
I don't always react, but when I do, I do it on SoylentNews
(Score: 2) by NotSanguine on Sunday September 25 2016, @05:56PM
Variants on "companynamebilling@mydomain" is good enough for about everything.
That's exactly what I do. And as soon I don't like the emails I'm getting to a particular address, BZZT! I disable it. No muss, no fuss.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Monday September 26 2016, @08:06AM
If you always use a suffix stripping it off would give them the address for the spam folder. The idea is that the suffixes you actually want email from are whitelisted, and once you start receiving spam on that address, you simply remove it from the whitelist.
That's a different way of doing the exact same thing, except that your method requires your own doman, while the + thing is a gmail.com feature.
(Score: 2) by Chromium_One on Monday September 26 2016, @04:44PM
That's one way to go about it, however ...
No, it's not the exact same thing. The user+foo bit can be fucked with by the sender. A completely different address can't. Also, it does not require your own domain, though that is much, much more convenient. You know there's no real limit on, for example, gmail addresses forwarded to one box right?
No, the user+foo addressing is not a gmail feature, it's standard in how email is supposed to work, mentioned in RFC 5233 and possibly others. Not that people pay much attention to standards.
When you live in a sick society, everything you do is wrong.
(Score: 2) by SomeGuy on Sunday September 25 2016, @05:32PM
Odd characters can even be a problem on password fields. You know, the ones where these days you are encouraged or even required to use a "special" character or two. Hmm, what kind of password would little Bobby Tables use?
Once managed to get a space character at the end of a password. Resulted in some interesting problems, but at least I was able to change that later.
(Score: 2) by Marand on Monday September 26 2016, @04:26AM
Password fields are a whole different nightmare. I love when sites remind me to pick a strong password while simultaneously refusing to allow passwords longer than 16 characters and also enforcing limits on what characters you can use. They want "special" characters like you said, but not too special. You start throwing in parentheses, brackets, braces, spaces, umlauts (or other accents), and mathematical symbols and get told to try again with something easier to crack.
(Score: 0) by Anonymous Coward on Sunday September 25 2016, @02:15PM
When PSN got hacked and said all users must go through the password reset procedure before they can log in again. I couldn't finish the password reset for some reason, it kept saying account couldn't be found. There was no way to get my account back, emails to Sony said I would have to create a new account as my old one was not retrievable or some such bullshit. I lost everything on that account.
(Score: 2) by Geotti on Sunday September 25 2016, @03:10PM
That's what you get for playing on a console. SCNR :)
(Score: 1, Informative) by Anonymous Coward on Sunday September 25 2016, @03:24PM
Had a Google account for almost a decade. Was one of the first people with a @gmail.com address, etc. I had tons of docs in the Google Cloud; was the typical Google fanboi. Linked to Youtube, G+, credit cards, wallet, you name it.
Moved to a different country. Used the SAME PHONE, just changed SIM Cards.
Would not authenticate to my Google account.
Tried logging in from my fucking Chromebook Pixel which was already registered to my Google account. Used the right password. But oh noes, they did not recognize my location and wanted to verify my identity by calling me or texting a message to my number.
(You know, the phone number that was back in the previous country, that I no longer had access to).
NOTE: I actually disabled two-factor authentication before traveling, so it should never have asked me to verify by phone.
Well guess what? If there is a support number for Google, I couldn't find it in two days of searching. I found a dialog box where I could plead my case to Google in 255 chars or less. Tried three times. Each time I got an automated response to my backup email address that it was denied.
There is no support with Google. You get what you pay for. In my case, I lost 10 years of documents. I will never have access to that account again.
Trusting anybody with your data is a very dangerous game. I now reverted back to my own backup solution at home. It's easy to set up when you're starting from scratch and have nothing to backup.
Since then I've moved on to another provider for mail, another provider for smartphone/tablet, and another provider for computers. All have paid support with real people on the other end. Lesson fucking learned.
(Score: 2) by opinionated_science on Sunday September 25 2016, @05:26PM
get GoogleFi for now. Seriously, I had a similar situation as yours (moving trans-oceans a few times), and instead I got a SIP phone number that connects to a DTD. i.e. Vonage (there are others...). I plug the modem into the internet in whichever country I'm in and it hooks up to a regular phone. But also, it allows forwarding to whatever numbers you have.
This is the practical way of managing multiple country movements, and making sure google can reach you...
But I got GoogleFi earlier this year, and I'm going to see how well it works on my next trans-ocean jaunts...
(Score: 5, Touché) by Chromium_One on Sunday September 25 2016, @07:37PM
"Here, let us sell you a solution to a problem we created for you!"
When you live in a sick society, everything you do is wrong.
(Score: 0) by Anonymous Coward on Sunday September 25 2016, @08:00PM
uhm... this sounds like your fault. googledocs? really? if something is important, you have to have a local copy.
otherwise, i will mention that i've lived in several countries, i go to conferences and stuff in different places, and I've never had a problem with google locking me out. i think it did ask me about my password a couple of times, and it did send "suspicious lgin" messages to my backup e-mail, but nothing more than that.
(Score: 3, Insightful) by captain normal on Sunday September 25 2016, @05:29PM
From TFS (there is no article), "About three years ago someone established an outlook.com email for an organization. They passed the login info on to me."
Seems to me the person that set up the account used some authentication information that they did not pass on to you. Your only chance to gain use of that account is to get hold of that person (assuming they are still alive) and see if they can remember stuff like their first pet's name or their grandmother's maiden name.
Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--
(Score: 3, Touché) by Appalbarry on Sunday September 25 2016, @06:24PM
That's exactly it, although I'd add that trying to recall what "security" question answers I provided on my own accounts can be a real challenge, especially when most of them demand information that I'd already forgotten twenty years ago.
The twentysomethings in Silicon Valley seem to be incapable of understanding that a raft of questions about what you were doing at age twelve might be useless to anyone over the age of say, forty.
And a question like "Favorite TV Show" might be out of date and forgotten a year later.
They're creating a situation where the only way to ensure continued access to your account - especially with seemingly random demands that you "authenticate" yourself - pretty much requires you to write down all of the various answers somewhere. Or email them to yourself because slips of paper just don't work.
Thinking about all of this, I suspect that the number of email, forum, and website logins that I've just abandoned over the years probably exceeds the number that are still active.
Globally we must be looking at millions or billions of dormant accounts sitting on servers, consuming resources. Relying on a phone number, or an IP address as proof that you're real is really pretty pointless in an age when people access web based services form multiple machines, in multiple locations, in multiple countries.
Back to the central point though, if your company is going to force me to jump through all of these faux security hoops, you better give me a way to resolve problems when they don't work.
Ironically, I don't have to worry about the big Yahoo user info dump last week, because I had already been locked out of anything Yahoo a few years ago because of the same problems.
(Score: 2) by archfeld on Sunday September 25 2016, @06:26PM
The only way to ensure that you can regain access to an M$ domain, e.g. Hotmail, Live, or Outlook.com is to have a text enabled phone and/or another account setup as a recovery option ahead of time. Not that I have any great love for M$ or Hotmail, but they are as reliable as any other free webmail option and unlikely to go away. I use them as tear away emails, and publically available addresses to be handed out. My ISP gives me email as well as my employer but they both have hard contacts to me that I don't want exposed to the world at large. The other side of this kind of wall of stupidity is Yahoo mail, where you get hacked but don't find out for 4 years, so I'd prefer this. The lesson is use the account for what it is, don't send or receive critical email, never leave important info there without backing it up else where
For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
(Score: 2, Interesting) by Anonymous Coward on Sunday September 25 2016, @11:43PM
Related:
I travel a lot for work; I fill a passport every 2 years or so, mostly to third world countries. I got really tired of getting locked out of my emails, usually all of them at the same time as soon as I log in from an IP in Niger or Uzbekistan. Forget using a phone, roaming is a bitch; I only use local Sims (on my trusted 2006 Nokia travel phone). Sometimes roaming is not even possible (less so these days).
So I fixed the problem by having a little server at home running ubuntu, and I create an ssh proxy for Thunderbird. As far as my email providers are concerned, I am always home.
Never had issues since.
(Score: 1, Interesting) by Anonymous Coward on Monday September 26 2016, @01:48AM
Logged into Ebay from the Tor network, they suspended my account without explaining why. Said I would have to send them proof of my identity (birth certificate, passport, something like that) to get it reinstated.
(Score: 0) by Anonymous Coward on Monday September 26 2016, @08:20AM
I got Star Wars 2 for Christmas a few years ago. It requires creating a Battle.NET account, which the game serial number will be locked to. When I did so, I put some random characters in the "security question", rather than something everybody can answer like they expect (I expect everybody here knows that those "security questions" are one of the easiest ways to get access to another persons e-mail account). In 20 years, I have never encountered a site that actually needs the "security question".
That was, until my ISP closed down my e-mail account. I was given a month of warning, and started updating my e-mail address everywhere. Until I went to update it on Battle.NET. Can't change your e-mail address without the "security question". No way to reset the "security question". Tried contacting support, but didn't get an answer before my e-mail was closed down. Now I can't even contact support, because that requires being logged in, can't log in without my old e-mail account, can't update my e-mail account without contacting support.
Not buying anything from Blizzard again until they give me back the account my paid for copy of Star Craft 2 is locked to.