SoylentNews is people
SoylentNews
I always find the various authentication experiences to be more annoying than reassuring, but until now I've always managed to defeat whatever bizarre scheme a web site has created.
Yes, I'm fan of "Reset Password."
Microsoft though has stopped me dead by refusing me access to an outlook.com [account] even though I have the email address and password.
About three years ago someone established an outlook.com email for an organization. They passed the login info on to me. I subsequently just accessed it via Gmail for the next two years.
Today I tried to log in to outlook.com make some changes. They apparently feel that I am not who I say I am and demand some kind of "authentication."
After a half an hour of repeatedly submitting "Verification Forms" (Names, Birthdate, City, Postal Code, Captchas, Previous passwords....," entering numerous PINs, and generally jumping through hoops, I have concluded that I will never ever access this account again.
Best of all the email quoted below offers no way that I can appeal this to some kind of living being.
Is this the worst authentication disaster ever? Is there any logical reason why you would make it impossible for your customers to ever recover an account?
[Continues...]
We recently received a request to recover your Microsoft account *****@outlook.com. Unfortunately, our automated system has determined that the information you provided was not sufficient for us to validate your account ownership. Microsoft takes the security and privacy of our customers very seriously, and our commitment to protecting your personal information requires that we take the utmost care in ensuring that you are the account owner.
Please submit a new account verification form
At this point, your best option is to submit a new form with as much accurate information as you can gather. The more information you can include in the form, the better the chance you'll have of regaining access to your account. We've included a few tips below to help you fill out the form as completely and accurately as possible.
> Submit a new form
Helpful tips for filling out another form:
Answer as many questions as you can.
Use the information you provided when you created the account, or last updated it.
Submit the form from a computer you frequently use.
You will be asked to list recently used email addresses and the subject lines from recent emails. Ask for help from family members, friends, or business contacts to confirm their email addresses and tell you the subject lines of the last three emails they sent you.
Make sure to use the correct domain for your account, such as hotmail.com, live.com, or outlook.com. Keep in mind that your email address may be country specific. For example, if you created your account in Sweden, your domain would be "hotmail.co.se" rather than "hotmail.com".Ready?
> Submit a new form
Thank you,
Microsoft Support TeamMicrosoft Corporation
One Microsoft Way
Redmond, WA 98052
USA
(Score: 2) by Whoever on Sunday September 25 2016, @05:00PM
While this is true, it assumes a level of competence that is not typical among spammers. I run my own domain/MTA and, having registered foo+bar@mydomain style addresses with websites, my MTA gets attempts to send emails to bar@mydomain. Somewhere along the line a script has tripped up on the "+" character.
I have also seen the problem that I can register the foo+bar@address, but not log in with it. In the most recent case, this login problem only applied to the Android app: I was able to log into the website with the foo+bar@ address.
(Score: 1) by ewk on Monday September 26 2016, @10:31AM
"...my MTA gets attempts to send emails to bar@mydomain. Somewhere along the line a script has tripped up on the "+" character."
And if it trips on the part before the '+', email is sent to 'foo' :-)
So that attempt never even reaches your MTA anyhow :-D
I don't always react, but when I do, I do it on SoylentNews