SoylentNews is people
SoylentNews
I always find the various authentication experiences to be more annoying than reassuring, but until now I've always managed to defeat whatever bizarre scheme a web site has created.
Yes, I'm fan of "Reset Password."
Microsoft though has stopped me dead by refusing me access to an outlook.com [account] even though I have the email address and password.
About three years ago someone established an outlook.com email for an organization. They passed the login info on to me. I subsequently just accessed it via Gmail for the next two years.
Today I tried to log in to outlook.com make some changes. They apparently feel that I am not who I say I am and demand some kind of "authentication."
After a half an hour of repeatedly submitting "Verification Forms" (Names, Birthdate, City, Postal Code, Captchas, Previous passwords....," entering numerous PINs, and generally jumping through hoops, I have concluded that I will never ever access this account again.
Best of all the email quoted below offers no way that I can appeal this to some kind of living being.
Is this the worst authentication disaster ever? Is there any logical reason why you would make it impossible for your customers to ever recover an account?
[Continues...]
We recently received a request to recover your Microsoft account *****@outlook.com. Unfortunately, our automated system has determined that the information you provided was not sufficient for us to validate your account ownership. Microsoft takes the security and privacy of our customers very seriously, and our commitment to protecting your personal information requires that we take the utmost care in ensuring that you are the account owner.
Please submit a new account verification form
At this point, your best option is to submit a new form with as much accurate information as you can gather. The more information you can include in the form, the better the chance you'll have of regaining access to your account. We've included a few tips below to help you fill out the form as completely and accurately as possible.
> Submit a new form
Helpful tips for filling out another form:
Answer as many questions as you can.
Use the information you provided when you created the account, or last updated it.
Submit the form from a computer you frequently use.
You will be asked to list recently used email addresses and the subject lines from recent emails. Ask for help from family members, friends, or business contacts to confirm their email addresses and tell you the subject lines of the last three emails they sent you.
Make sure to use the correct domain for your account, such as hotmail.com, live.com, or outlook.com. Keep in mind that your email address may be country specific. For example, if you created your account in Sweden, your domain would be "hotmail.co.se" rather than "hotmail.com".Ready?
> Submit a new form
Thank you,
Microsoft Support TeamMicrosoft Corporation
One Microsoft Way
Redmond, WA 98052
USA
(Score: 2) by bzipitidoo on Sunday September 25 2016, @12:08PM
Well I can't use a Facebook account I set up with fake information even though I have the correct password and access to the email account I associated with it. Been locked out for at least 2 years now.
Somehow, Facebook decided the account was being misused and locked it. It will not unlock until I provide whatever birth date I gave it. When I set it up, I just made up a random date and didn't record it anywhere, not expecting Facebook would one day try to use that for authentication. I thought maybe I could recover the birthday by checking that account's connections to see when FB nagged them about my upcoming birthday, but no, I had set it to private. I tried to guess the birthday, but Facebook will not allow more than 3 attempts per hour. Tried a few hundred guesses, no luck, and ran out of patience. It could be broken with more attempts, but not worth it. Best I can do is delete the account and start a new one. Pretty annoying to get spam from FB about how I haven't logged in in a while. No shit, FB! At least I was able to unsubscribe from such messages.
(Score: 3, Touché) by Username on Sunday September 25 2016, @01:40PM
January 01 1970
(Score: 5, Informative) by Marand on Sunday September 25 2016, @01:56PM
Tip for the future: if you're going to put bullshit info in an account, record it somewhere!
What I do is make an encrypted file and write the fake info down, so that I can respond with whatever insane data I gave during account creation. I started doing this because of the prolific use of "recovery questions", which I've always hated. Using honest answers is a huge security risk, and sometimes using gibberish will result in you later being asked to answer it at weird times, like to update other account settings. As a workaround, I started recording the gibberish in a safe file so that I can get to it later if it ever becomes necessary.
(Score: 3, Interesting) by mcgrew on Sunday September 25 2016, @04:29PM
The same thing happened to my mcgrew@gmail.com address.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 3, Interesting) by Aiwendil on Sunday September 25 2016, @04:50PM
Create a half dozen dossiers with information that you always use to lie in forms. My oldest alias is a german man two years older than me that loves to travel, works with agriculture and has a german sheppard named Max.
Let's just say in the 15 years I've been using that profile it has become quite complete and actually gets more invitations to tradeshows event than I do :)
My youngest profile only has six years running so far - it's a dutch dockworker :)
(Score: 2) by bzipitidoo on Sunday September 25 2016, @07:00PM
Yes, I've started doing that.
They are getting more sophisticated at rejecting fake info. I didn't know the zipcode I pulled out of the air doesn't exist, and several times now, sites have rejected the fake info over that. Fake street names and phone numbers can be rejected. Found it was easier to pick a real address with a real phone number.
Why site owners bother with such checks I'm not sure. They want traffic, and don't care if someone is faking some info. Maybe advertisers forced it on them.
(Score: 1, Informative) by Anonymous Coward on Monday September 26 2016, @01:19AM
The only reason to require a phone number is for tracking purposes. For the people who collect personal info for tracking reason, the phone number is GOLD. Everything else is considered less than, and this goes even more so in the age of cell phones because many people share addresses or move often but cell phone numbers are often individual people and don't change as often.
(Score: 2) by Aiwendil on Monday September 26 2016, @06:26AM
Tgat 15 year old profile has the zip-code and adress of a park in Lübeck (in most modern countries adresses are often assigned decades ahead of development at stretches of roads, they are excellent to use to lie with), and it always refuses to enter a phone number (virtually all pages has a non-obvious "skip" option).
As stated - over time it becomes very complete..
(Score: 3, Interesting) by aclarke on Monday September 26 2016, @01:11PM