Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Sunday September 25 2016, @10:27AM   Printer-friendly
from the HA-HA! dept.

I always find the various authentication experiences to be more annoying than reassuring, but until now I've always managed to defeat whatever bizarre scheme a web site has created.

Yes, I'm fan of "Reset Password."

Microsoft though has stopped me dead by refusing me access to an outlook.com [account] even though I have the email address and password.

About three years ago someone established an outlook.com email for an organization. They passed the login info on to me. I subsequently just accessed it via Gmail for the next two years.

Today I tried to log in to outlook.com make some changes. They apparently feel that I am not who I say I am and demand some kind of "authentication."

After a half an hour of repeatedly submitting "Verification Forms" (Names, Birthdate, City, Postal Code, Captchas, Previous passwords....," entering numerous PINs, and generally jumping through hoops, I have concluded that I will never ever access this account again.

Best of all the email quoted below offers no way that I can appeal this to some kind of living being.

Is this the worst authentication disaster ever? Is there any logical reason why you would make it impossible for your customers to ever recover an account?

[Continues...]

We recently received a request to recover your Microsoft account *****@outlook.com. Unfortunately, our automated system has determined that the information you provided was not sufficient for us to validate your account ownership. Microsoft takes the security and privacy of our customers very seriously, and our commitment to protecting your personal information requires that we take the utmost care in ensuring that you are the account owner.

Please submit a new account verification form

At this point, your best option is to submit a new form with as much accurate information as you can gather. The more information you can include in the form, the better the chance you'll have of regaining access to your account. We've included a few tips below to help you fill out the form as completely and accurately as possible.

> Submit a new form

Helpful tips for filling out another form:

Answer as many questions as you can.
Use the information you provided when you created the account, or last updated it.
Submit the form from a computer you frequently use.
You will be asked to list recently used email addresses and the subject lines from recent emails. Ask for help from family members, friends, or business contacts to confirm their email addresses and tell you the subject lines of the last three emails they sent you.
Make sure to use the correct domain for your account, such as hotmail.com, live.com, or outlook.com. Keep in mind that your email address may be country specific. For example, if you created your account in Sweden, your domain would be "hotmail.co.se" rather than "hotmail.com".

Ready?

> Submit a new form

Thank you,
Microsoft Support Team

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by NotSanguine on Sunday September 25 2016, @05:49PM

    by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Sunday September 25 2016, @05:49PM (#406326) Homepage Journal

    That's exactly why I bought a 3 TB network drive. Its only disadvantage to "the cloud" is that I can only access my data at home.

    It doesn't have to be that way. this is a starting point [howtogeek.com]. Well, okay, it could be, but it was just the first relevant link in a google search for "Openvpn through home router" but it should give you an idea.

    I hope it helps.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    Starting Score:    1  point
    Moderation   +3  
       Insightful=2, Informative=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by PocketSizeSUn on Monday September 26 2016, @12:00AM

    by PocketSizeSUn (5340) on Monday September 26 2016, @12:00AM (#406439)

    Hmm... Isn't that what 'owncloud' is for?

    Making your local data available to you via your own 'cloud' setup so you can do all the upload/download/share stuff?

    • (Score: 3, Insightful) by NotSanguine on Monday September 26 2016, @12:31AM

      by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Monday September 26 2016, @12:31AM (#406451) Homepage Journal

      Hmm... Isn't that what 'owncloud' is for?

      Making your local data available to you via your own 'cloud' setup so you can do all the upload/download/share stuff?

      And since Owncloud [owncloud.org] requires exposing a LAMP [wikipedia.org] stack and any data you wish to share to the Internet, you take on the risk associated with any bugs/vulnerabilities in the LAMP components that are extant or will become so.

      OpenVPN gives you the ability to terminate SSL connections with strong encryption/authentication and tunnel whatever you want. This allows remote access as well as file sharing. What's more, it does not require you to change how you currently share data internally.

      Moreover, if you want to competently administer Owncloud (LAMP) components, you will likely need to learn a bunch of new stuff, assuming you don't already have Linux, Apache, MariaDB and PHP running in your environment -- which is a good bet for most folks in a home environment.

      With OpenVPN, you learn/implement that and can then continue managing your home environment in exactly the same fashion as you always have.

      In an environment where you already have those components, whether that's because you have technical skills and run that stuff at home, or you're managing just file sharing for an organization of various sizes [owncloud.org], Owncloud may well make sense. Otherwise, not so much.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 2) by HiThere on Monday September 26 2016, @12:39AM

        by HiThere (866) Subscriber Badge on Monday September 26 2016, @12:39AM (#406456) Journal

        Well, computers aren't that expensive. Run owncloud and nothing else on that computer, and do your work on a different computer. Takes a bit of space, but you can use a pretty small computer.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
        • (Score: 2) by HiThere on Monday September 26 2016, @12:43AM

          by HiThere (866) Subscriber Badge on Monday September 26 2016, @12:43AM (#406457) Journal

          P.S.: Set up the system with enough RAM and boot from a LiveDVD, that way your system can't get hacked. You'll have a bit of extra work whenever some of your software needs to be patched, but since you aren't running much on it, that should be infrequent. Alternatively you could mount the system partition as read only, but you'll need to do a bit of configuration as /tmp, e.g., is usually a part of the system partition. Also this isn't quite a secure as partitions can be remounted (though I've never tried to unmount and then remount the system partition).

          --
          Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
          • (Score: 3, Informative) by NotSanguine on Monday September 26 2016, @01:38AM

            by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Monday September 26 2016, @01:38AM (#406487) Homepage Journal

            P.S.: Set up the system with enough RAM and boot from a LiveDVD, that way your system can't get hacked. You'll have a bit of extra work whenever some of your software needs to be patched, but since you aren't running much on it, that should be infrequent. Alternatively you could mount the system partition as read only, but you'll need to do a bit of configuration as /tmp, e.g., is usually a part of the system partition. Also this isn't quite a secure as partitions can be remounted (though I've never tried to unmount and then remount the system partition).

            Absolutely. And since OpenVPN has turnkey Live CD/USB [turnkeylinux.org] distributions, it's pretty much a no-brainer.

            Owncloud is a file sharing platform. It allows you to up/download files sercurely.

            OpenVPN allows for remote access (e.g., VNC, RDP, ssh, etc.), client queries against internal servers (e.g., LDAP/AD, access to internal web servers, etc.), printing, and on and on. It is, after all, a VPN which allows you to tunnel arbitrary traffic.

            OpenVPN -- smaller resource footprint, smaller knowledge footprint, greater functionality
            Owncloud -- larger resource footprint, larger knowledge footprint, less functionality.

            Hmmm....Which should I use?

            As a simple-minded comparison, note the dependencies (see below) required for each platform:

            OpenVPN requires appropriate network device drivers, OpenVPN and its supporting packages/libraries:

            $ dnf repoquery --requires --resolve openvpn
            Last metadata expiration check: 0:15:52 ago on Sun Sep 25 21:00:30 2016.
            bash-0:4.3.42-6.fc24.x86_64
            glibc-0:2.23.1-10.fc24.i686
            glibc-0:2.23.1-10.fc24.x86_64
            iproute-0:4.4.0-3.fc24.x86_64
            lzo-0:2.08-8.fc24.x86_64
            openssl-libs-1:1.0.2h-3.fc24.x86_64
            pam-0:1.2.1-5.fc24.x86_64
            pkcs11-helper-0:1.11-8.fc24.x86_64
            systemd-libs-0:229-13.fc24.x86_64

            Owncloud requires Apache, MariaDB and PHP and all the supporting packages/libraries that go with it.

            Owncloud has it's own set of dependencies as well [owncloud.org]:

            Required:

                    php5 (>= 5.6)
                    PHP module ctype
                    PHP module dom
                    PHP module GD
                    PHP module iconv
                    PHP module JSON
                    PHP module libxml (Linux package libxml2 must be >=2.7.0)
                    PHP module mb multibyte
                    PHP module posix
                    PHP module SimpleXML
                    PHP module XMLWriter
                    PHP module zip
                    PHP module zlib

            Database connectors (pick the one for your database:)

                    PHP module sqlite (>= 3, usually not recommended for performance reasons)
                    PHP module pdo_mysql (MySQL/MariaDB)
                    PHP module pgsql (requires PostgreSQL >= 9.0)

            Recommended packages:

                    PHP module curl (highly recommended, some functionality, e.g. HTTP user authentication, depends on this)
                    PHP module fileinfo (highly recommended, enhances file analysis performance)
                    PHP module bz2 (recommended, required for extraction of apps)
                    PHP module intl (increases language translation performance and fixes sorting of non-ASCII characters)
                    PHP module mcrypt (increases file encryption performance)
                    PHP module openssl (required for accessing HTTPS resources)

            Required for specific apps:

                    PHP module ldap (for LDAP integration)
                    PHP module smbclient (SMB/CIFS integration, see SMB/CIFS)
                    PHP module ftp (for FTP storage / external user authentication)
                    PHP module imap (for external user authentication)

            Recommended for specific apps (optional):

                    PHP module exif (for image rotation in pictures app)
                    PHP module gmp (for SFTP storage)

            For enhanced server performance (optional) select one of the following memcaches:

                    PHP module apc
                    PHP module apcu
                    PHP module memcached
                    PHP module redis (>= 2.2.5, required for Transactional File Locking)

            See Configuring Memory Caching to learn how to select and configure a memcache.

            For preview generation (optional):

                    PHP module imagick
                    avconv or ffmpeg
                    OpenOffice or LibreOffice

            Apache dependencies:

            $ dnf repoquery --requires --resolve httpd
            Last metadata expiration check: 0:17:20 ago on Sun Sep 25 21:00:30 2016.
            apr-0:1.5.2-3.fc24.x86_64
            apr-util-0:1.5.4-3.fc24.x86_64
            bash-0:4.3.42-6.fc24.x86_64
            expat-0:2.1.1-2.fc24.x86_64
            fedora-logos-httpd-0:22.0.0-3.fc24.noarch
            generic-logos-httpd-0:17.0.0-8.fc24.noarch
            glibc-0:2.23.1-10.fc24.i686
            glibc-0:2.23.1-10.fc24.x86_64
            httpd-0:2.4.23-4.fc24.x86_64
            httpd-filesystem-0:2.4.23-4.fc24.noarch
            httpd-tools-0:2.4.23-4.fc24.x86_64
            libdb-0:5.3.28-14.fc24.x86_64
            libnghttp2-0:1.7.1-1.fc24.x86_64
            libselinux-0:2.5-9.fc24.x86_64
            lua-0:5.3.3-2.fc24.x86_64
            mailcap-0:2.1.46-1.fc24.noarch
            openssl-libs-1:1.0.2h-3.fc24.x86_64
            pcre-0:8.39-3.fc24.x86_64
            systemd-libs-0:229-13.fc24.x86_64
            zlib-0:1.2.8-10.fc24.x86_64

            MariaDB dependencies:

            $ dnf repoquery --requires --resolve mariadb
            Last metadata expiration check: 0:18:12 ago on Sun Sep 25 21:00:30 2016.
            bash-0:4.3.42-6.fc24.x86_64
            coreutils-0:8.25-6.fc24.x86_64
            glibc-0:2.23.1-10.fc24.i686
            glibc-0:2.23.1-10.fc24.x86_64
            grep-0:2.25-1.fc24.x86_64
            libedit-0:3.1-14.20150325cvs.fc24.x86_64
            libstdc++-0:6.2.1-2.fc24.x86_64
            mariadb-common-3:10.1.17-1.fc24.x86_64
            ncurses-libs-0:6.0-6.20160709.fc24.x86_64
            openssl-libs-1:1.0.2h-3.fc24.x86_64
            perl-4:5.22.2-362.fc24.x86_64
            perl-Exporter-0:5.72-349.fc24.noarch
            perl-File-Temp-0:0.23.04-347.fc24.noarch
            perl-Getopt-Long-0:2.49.1-1.fc24.noarch
            zlib-0:1.2.8-10.fc24.x86_64

            PHP dependencies:

            $ dnf repoquery --requires --resolve php
            Last metadata expiration check: 0:18:48 ago on Sun Sep 25 21:00:30 2016.
            glibc-0:2.23.1-10.fc24.i686
            glibc-0:2.23.1-10.fc24.x86_64
            httpd-0:2.4.23-4.fc24.x86_64
            krb5-libs-0:1.14.3-9.fc24.x86_64
            libcom_err-0:1.42.13-4.fc24.x86_64
            libxml2-0:2.9.3-3.fc24.x86_64
            openssl-libs-1:1.0.2h-3.fc24.x86_64
            pcre-0:8.39-3.fc24.x86_64
            php-0:5.6.25-1.fc24.x86_64
            php-cli-0:5.6.25-1.fc24.x86_64
            php-common-0:5.6.25-1.fc24.x86_64
            zlib-0:1.2.8-10.fc24.x86_64

            • (Score: 2) by HiThere on Monday September 26 2016, @04:16AM

              by HiThere (866) Subscriber Badge on Monday September 26 2016, @04:16AM (#406525) Journal

              OK, I was speaking out of general principles. You appear to have domain knowledge.

              --
              Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
        • (Score: 2) by NotSanguine on Monday September 26 2016, @12:54AM

          by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Monday September 26 2016, @12:54AM (#406461) Homepage Journal

          Well, computers aren't that expensive. Run owncloud and nothing else on that computer, and do your work on a different computer. Takes a bit of space, but you can use a pretty small computer.

          The issue isn't hardware, it's security (you're terminating SSL tunnels with strong authentication and that's all) and usability (can your Aunt Celia* do Linux, web and DB admin?).

          Owncloud is not (unless you pay their commercial end) a turnkey solution (in which case, you're using 'someone else's servers' which pretty much negates the value of the product for home users). What's more, before you can even consider installing/configuring/managing/using Owncloud, you need to be at least minimally competent at installing/configuring/managing/using a LAMP stack.

          OpenVPN on the other hand, has a much narrower knowledge footprint and allows for significantly more functionality. And it will run on a pretty small computer (in fact, you can even install it, although I wouldn't recommend it, on your DD/Open-WRT device).

          *This assumes that you have an Aunt Celia.

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 2) by PocketSizeSUn on Monday September 26 2016, @10:36PM

        by PocketSizeSUn (5340) on Monday September 26 2016, @10:36PM (#406765)

        You seem to be under the impression that each option provides all of the solutions of the other but I really don't see it that way at all.

        I already run OpenVPN. I would however run OwnCloud to get the easy of use and seamless integration of having a remote cloud option to upload/download/share. Sharing seems to be messy if you idea of share includes providing some sort of VPN access to untrusted parties.

        Besides for the truly lazy, like myself, accessing data remotely is much easier (safer?) via ssh. (pubkey only thx).

        See Aunt Tilly doesn't have to run her own 'cloud' ... me and Aunt Tilly only have to trust *each other* enough for her to use the cloud bits I am providing. This whole discussion about Cloud has far more to do with trust and trust of the provider than it does over if to Cloud or not to Cloud. We dump crap on the cloud because it is convenient. Some of us do it ourselves because we are paranoid, or control freaks, or just too cheap to pay some else to admin something we can do ourselves.

        Conflating the complexity of LAMP is really silly, this is supposed to be frequented by technical people, after all. I spent more time dual homing OpenVPN than I did custom tweak my last LAMP deployment.

        • (Score: 2) by NotSanguine on Monday September 26 2016, @11:11PM

          by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Monday September 26 2016, @11:11PM (#406770) Homepage Journal

          You seem to be under the impression that each option provides all of the solutions of the other but I really don't see it that way at all.

          I'm not under that impression at all. As I said in other posts several times, OPenVPN allows you to tunnel arbitrary traffic and Owncloud allows you to share files.

          Moreover, OP was complaining that *he* (not others) couldn't access his own files remotely.

          If you want to *share* files with other people, that's a different issue/question.

          See Aunt Tilly doesn't have to run her own 'cloud' ... me and Aunt Tilly only have to trust *each other* enough for her to use the cloud bits I am providing.

          True enough, but I wasn't talking about the client bits for Aunt Celia, rather the server bits.

          As I said (not sure why I have to keep repeating myself with you):

          In an environment where you already have those components, whether that's because you have technical skills and run that stuff at home, or you're managing just file sharing for an organization of various sizes [owncloud.org], Owncloud may well make sense. Otherwise, not so much.

          As such, I wasn't trying to discredit Owncloud for the functionality it provides, rather pointing out that if your skill set and use case (as is true for *most*) doesn't align with Owncloud, it's not such a great solution. This situation is true for most people.

          Conflating the complexity of LAMP is really silly, this is supposed to be frequented by technical people, after all. I spent more time dual homing OpenVPN than I did custom tweak my last LAMP deployment.

          Is it? I didn't see any technical competency requirements when I signed up for my account. Perhaps they've changed something in the meantime. Your knowledge/use case is important and worthwhile. To you. Why are you assuming that either everyone else is just like you, or that everyone else doesn't matter? Are you really that self-absorbed?

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr
          • (Score: 2) by PocketSizeSUn on Tuesday September 27 2016, @01:31AM

            by PocketSizeSUn (5340) on Tuesday September 27 2016, @01:31AM (#406801)

            Ah yes. Trolling away I see.

            Just waiting on my bisect so I've got time to waste with you.

            I'm not under that impression at all. As I said in other posts several times, OPenVPN allows you to tunnel arbitrary traffic and Owncloud allows you to share files.

            As does ssh. Which depends on ... wait for it ... libc.
            And the configuration is ... literally nothing. The provided config file is the default values when no config is specified.

            Back to the SUBJECT at hand which is "That's cloud for you". Which to me kind means we are talking about cloud options.

            If this was various was to get remote access to your files then your OpenVPN ranting may have a place. As it is you shutdown other posters with your arrogant attitude and your strawman arguments.

            Basically nobody effin' cares about how deep the dependency tree is on a modern distribution. That's what the package manager is for after all. Also nobody really cares that one solution is a complex C/C++ program and the other is collection of scripts sitting on top of a stable collection of C programs. What people care is does it do the job and how difficult is it to get started. I pre-requisite of 'does it work' is rather moot at this point.

            The reality is that setting up an OpenVPN server has about the same number and level of considerations as setting up an ownCloud server. Both expect a certain level of understanding of certificates and domain names as well as who is allowed to connect over what security scheme. This is basic multi-user remote connected security stuff, if it freaks you out, go back and setup a ssh-server. Besides which deploying OpenVPN for point to point access is just really overkill and if you want to keep sidestepping around using OpenSSH vs OpenVPN for the *same task* then you are either delusional or a shill. What were are talking about here is OpenVPN server setups because that's how your remote OpenVPN clients (Laptop/Android phone/Office computer etc) are going to gain access to your personal data, presumably sitting in your home. Pretending that OpenVPN server setup is magical and Aunt Tilly can do it with the click of button is really disingenuous beyond disbelief so I have to assume that you are either a clueless wanna be or actually shilling for or against something. Since the client options and server options have to line up (Auth and Certs) there is not really a one-size-fits-all solution. Perhaps you working for an OpenVPN service provider?

            I use OpenVPN *client* because some protocols prefer to run over udp and tcp servers don't tunnel that very well. I *know* that OpenVPN client setups are a multi-step non-trivial process without adding the extra complexity of multi-homing.

            Well you seem to think I should be reading every post you've ever made so ...

            Based on:

            OpenVPN allows for remote access (e.g., VNC, RDP, ssh, etc.), client queries against internal servers (e.g., LDAP/AD, access to internal web servers, etc.), printing, and on and on. It is, after all, a VPN which allows you to tunnel arbitrary traffic.

            And:

            Is it? I didn't see any technical competency requirements when I signed up for my account. Perhaps they've changed something in the meantime. Your knowledge/use case is important and worthwhile. To you. Why are you assuming that either everyone else is just like you, or that everyone else doesn't matter? Are you really that self-absorbed?

            I understand that while soylentnews does not require any sort of geek-cred to sign-up, as clearly you have, it does cater to said crowd. I also find it telling that you don't even seem to understand what OpenVPN is and what it is not and yet you are happily blasting HiThere out of complete ignorance of you own position.

            Hint: OpenVPN bridges networks, ssh tunnels. Ssh can quite happily tunnel VNC, RDP, access internal web servers, printers, and pretty much anything else that talks over tcp.

            For the very lazy and cheap there is already a Raspberry Pi build for ownCloud so McGraw can drop a Pi in front of his 3TB drive and access it anywhere and not have to worry about a lost password.

            In fact I have an idle wandboard next to me .. I think I'll set that up just for fun I've got a bunch of 2TB drives that are too small for anything else.

            • (Score: 2) by NotSanguine on Tuesday September 27 2016, @03:28AM

              by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Tuesday September 27 2016, @03:28AM (#406837) Homepage Journal

              Ah yes. Trolling away I see.

              Just waiting on my bisect so I've got time to waste with you.

              troll (n) [urbandictionary.com]:

              One who posts a deliberately provocative message to a newsgroup or message board with the intention of causing maximum disruption and argument

              Not sure how that applies to my posts, but go right ahead. You're definitely on a roll.

              Basically nobody effin' cares about how deep the dependency tree is on a modern distribution.

              That's often true. However, I was responding to HiThere's point about Owncloud not needing a big footprint. That is true, but OpenVPN's footprint is smaller. Do you dispute that statement, or are you just trying be contrary?

              I also find it telling that you don't even seem to understand what OpenVPN is and what it is not

              I'm sorry, what gives you that impression? OpenVPN (which I've implemented on a number of occasions), as well as other VPN implementations (whether they're based on SSL/TLS, IPSec or if you're old enough to remember such things, PPTP) many of which I've implemented and managed over the past 25 years provides an encrypted channel through which data can be passed without eavesdropping, across untrusted networks.

              Hint: OpenVPN bridges networks, ssh tunnels. Ssh can quite happily tunnel VNC, RDP, access internal web servers, printers, and pretty much anything else that talks over tcp.

              OpenVPN can be used to connect disparate networks. It can also be used by single computers to connect into a centralized network. In fact, OpenVPN servers can do both at once. In case you're not following along, the former functionality can be used to bridge [wikipedia.org] disparate networks, but such bridging is useful (at least these days) only in some bizarre edge cases.

              SSH can tunnel traffic as well. However, that doesn't invalidate the use case for OpenVPN.

              I'm not sure what's gotten a bug up your ass about this. Everything I've said is not only accurate, but also viable and useful. Yet you seem to be rather contrary about the whole thing.

              As such, I'm going to leave it at that since you seem to just want to argue and I'm sick of repeating myself for you.

              Kisses, darling!

              --
              No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 3, Informative) by NotSanguine on Monday September 26 2016, @12:08AM

    by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Monday September 26 2016, @12:08AM (#406442) Homepage Journal

    Here are some better links:
    OpenVPN on Ubuntu [madisonlinux.org]
    OpenVPN on Linux Mint [purevpn.com]
    OpenVPN on Fedora [fedoraproject.org]
    OpenVPN on Open-WRT [openwrt.org]
    OpenVPN on DD-WRT [dd-wrt.com]
    OpenVPN on Windows [openvpn.net]

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr