Stories
Slash Boxes
Comments

SoylentNews is people

Worst Authentication Experiences?

posted by cmn32480 on Sunday September 25 2016, @10:27AM   Printer-friendly
from the HA-HA! dept.

Appalbarry writes:

I always find the various authentication experiences to be more annoying than reassuring, but until now I've always managed to defeat whatever bizarre scheme a web site has created.

Yes, I'm fan of "Reset Password."

Microsoft though has stopped me dead by refusing me access to an outlook.com [account] even though I have the email address and password.

About three years ago someone established an outlook.com email for an organization. They passed the login info on to me. I subsequently just accessed it via Gmail for the next two years.

Today I tried to log in to outlook.com make some changes. They apparently feel that I am not who I say I am and demand some kind of "authentication."

After a half an hour of repeatedly submitting "Verification Forms" (Names, Birthdate, City, Postal Code, Captchas, Previous passwords....," entering numerous PINs, and generally jumping through hoops, I have concluded that I will never ever access this account again.

Best of all the email quoted below offers no way that I can appeal this to some kind of living being.

Is this the worst authentication disaster ever? Is there any logical reason why you would make it impossible for your customers to ever recover an account?

[Continues...]

We recently received a request to recover your Microsoft account *****@outlook.com. Unfortunately, our automated system has determined that the information you provided was not sufficient for us to validate your account ownership. Microsoft takes the security and privacy of our customers very seriously, and our commitment to protecting your personal information requires that we take the utmost care in ensuring that you are the account owner.

Please submit a new account verification form

At this point, your best option is to submit a new form with as much accurate information as you can gather. The more information you can include in the form, the better the chance you'll have of regaining access to your account. We've included a few tips below to help you fill out the form as completely and accurately as possible.

> Submit a new form

Helpful tips for filling out another form:

Answer as many questions as you can.
Use the information you provided when you created the account, or last updated it.
Submit the form from a computer you frequently use.
You will be asked to list recently used email addresses and the subject lines from recent emails. Ask for help from family members, friends, or business contacts to confirm their email addresses and tell you the subject lines of the last three emails they sent you.
Make sure to use the correct domain for your account, such as hotmail.com, live.com, or outlook.com. Keep in mind that your email address may be country specific. For example, if you created your account in Sweden, your domain would be "hotmail.co.se" rather than "hotmail.com".

Ready?

> Submit a new form

Thank you,
Microsoft Support Team

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

Original Submission

 
This discussion has been archived. No new comments can be posted.
Worst Authentication Experiences? | Log In/Create an Account | Top | 62 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by HiThere on Monday September 26 2016, @12:39AM

    by HiThere (866) Subscriber Badge on Monday September 26 2016, @12:39AM (#406456) Journal

    Well, computers aren't that expensive. Run owncloud and nothing else on that computer, and do your work on a different computer. Takes a bit of space, but you can use a pretty small computer.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by HiThere on Monday September 26 2016, @12:43AM

    by HiThere (866) Subscriber Badge on Monday September 26 2016, @12:43AM (#406457) Journal

    P.S.: Set up the system with enough RAM and boot from a LiveDVD, that way your system can't get hacked. You'll have a bit of extra work whenever some of your software needs to be patched, but since you aren't running much on it, that should be infrequent. Alternatively you could mount the system partition as read only, but you'll need to do a bit of configuration as /tmp, e.g., is usually a part of the system partition. Also this isn't quite a secure as partitions can be remounted (though I've never tried to unmount and then remount the system partition).

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.

    • (Score: 3, Informative) by NotSanguine on Monday September 26 2016, @01:38AM

      by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Monday September 26 2016, @01:38AM (#406487) Homepage Journal

      P.S.: Set up the system with enough RAM and boot from a LiveDVD, that way your system can't get hacked. You'll have a bit of extra work whenever some of your software needs to be patched, but since you aren't running much on it, that should be infrequent. Alternatively you could mount the system partition as read only, but you'll need to do a bit of configuration as /tmp, e.g., is usually a part of the system partition. Also this isn't quite a secure as partitions can be remounted (though I've never tried to unmount and then remount the system partition).

      Absolutely. And since OpenVPN has turnkey Live CD/USB [turnkeylinux.org] distributions, it's pretty much a no-brainer.

      Owncloud is a file sharing platform. It allows you to up/download files sercurely.

      OpenVPN allows for remote access (e.g., VNC, RDP, ssh, etc.), client queries against internal servers (e.g., LDAP/AD, access to internal web servers, etc.), printing, and on and on. It is, after all, a VPN which allows you to tunnel arbitrary traffic.

      OpenVPN -- smaller resource footprint, smaller knowledge footprint, greater functionality
      Owncloud -- larger resource footprint, larger knowledge footprint, less functionality.

      Hmmm....Which should I use?

      As a simple-minded comparison, note the dependencies (see below) required for each platform:

      OpenVPN requires appropriate network device drivers, OpenVPN and its supporting packages/libraries:

      $ dnf repoquery --requires --resolve openvpn
      Last metadata expiration check: 0:15:52 ago on Sun Sep 25 21:00:30 2016.
      bash-0:4.3.42-6.fc24.x86_64
      glibc-0:2.23.1-10.fc24.i686
      glibc-0:2.23.1-10.fc24.x86_64
      iproute-0:4.4.0-3.fc24.x86_64
      lzo-0:2.08-8.fc24.x86_64
      openssl-libs-1:1.0.2h-3.fc24.x86_64
      pam-0:1.2.1-5.fc24.x86_64
      pkcs11-helper-0:1.11-8.fc24.x86_64
      systemd-libs-0:229-13.fc24.x86_64

      Owncloud requires Apache, MariaDB and PHP and all the supporting packages/libraries that go with it.

      Owncloud has it's own set of dependencies as well [owncloud.org]:

      Required:

              php5 (>= 5.6)
              PHP module ctype
              PHP module dom
              PHP module GD
              PHP module iconv
              PHP module JSON
              PHP module libxml (Linux package libxml2 must be >=2.7.0)
              PHP module mb multibyte
              PHP module posix
              PHP module SimpleXML
              PHP module XMLWriter
              PHP module zip
              PHP module zlib

      Database connectors (pick the one for your database:)

              PHP module sqlite (>= 3, usually not recommended for performance reasons)
              PHP module pdo_mysql (MySQL/MariaDB)
              PHP module pgsql (requires PostgreSQL >= 9.0)

      Recommended packages:

              PHP module curl (highly recommended, some functionality, e.g. HTTP user authentication, depends on this)
              PHP module fileinfo (highly recommended, enhances file analysis performance)
              PHP module bz2 (recommended, required for extraction of apps)
              PHP module intl (increases language translation performance and fixes sorting of non-ASCII characters)
              PHP module mcrypt (increases file encryption performance)
              PHP module openssl (required for accessing HTTPS resources)

      Required for specific apps:

              PHP module ldap (for LDAP integration)
              PHP module smbclient (SMB/CIFS integration, see SMB/CIFS)
              PHP module ftp (for FTP storage / external user authentication)
              PHP module imap (for external user authentication)

      Recommended for specific apps (optional):

              PHP module exif (for image rotation in pictures app)
              PHP module gmp (for SFTP storage)

      For enhanced server performance (optional) select one of the following memcaches:

              PHP module apc
              PHP module apcu
              PHP module memcached
              PHP module redis (>= 2.2.5, required for Transactional File Locking)

      See Configuring Memory Caching to learn how to select and configure a memcache.

      For preview generation (optional):

              PHP module imagick
              avconv or ffmpeg
              OpenOffice or LibreOffice

      Apache dependencies:

      $ dnf repoquery --requires --resolve httpd
      Last metadata expiration check: 0:17:20 ago on Sun Sep 25 21:00:30 2016.
      apr-0:1.5.2-3.fc24.x86_64
      apr-util-0:1.5.4-3.fc24.x86_64
      bash-0:4.3.42-6.fc24.x86_64
      expat-0:2.1.1-2.fc24.x86_64
      fedora-logos-httpd-0:22.0.0-3.fc24.noarch
      generic-logos-httpd-0:17.0.0-8.fc24.noarch
      glibc-0:2.23.1-10.fc24.i686
      glibc-0:2.23.1-10.fc24.x86_64
      httpd-0:2.4.23-4.fc24.x86_64
      httpd-filesystem-0:2.4.23-4.fc24.noarch
      httpd-tools-0:2.4.23-4.fc24.x86_64
      libdb-0:5.3.28-14.fc24.x86_64
      libnghttp2-0:1.7.1-1.fc24.x86_64
      libselinux-0:2.5-9.fc24.x86_64
      lua-0:5.3.3-2.fc24.x86_64
      mailcap-0:2.1.46-1.fc24.noarch
      openssl-libs-1:1.0.2h-3.fc24.x86_64
      pcre-0:8.39-3.fc24.x86_64
      systemd-libs-0:229-13.fc24.x86_64
      zlib-0:1.2.8-10.fc24.x86_64

      MariaDB dependencies:

      $ dnf repoquery --requires --resolve mariadb
      Last metadata expiration check: 0:18:12 ago on Sun Sep 25 21:00:30 2016.
      bash-0:4.3.42-6.fc24.x86_64
      coreutils-0:8.25-6.fc24.x86_64
      glibc-0:2.23.1-10.fc24.i686
      glibc-0:2.23.1-10.fc24.x86_64
      grep-0:2.25-1.fc24.x86_64
      libedit-0:3.1-14.20150325cvs.fc24.x86_64
      libstdc++-0:6.2.1-2.fc24.x86_64
      mariadb-common-3:10.1.17-1.fc24.x86_64
      ncurses-libs-0:6.0-6.20160709.fc24.x86_64
      openssl-libs-1:1.0.2h-3.fc24.x86_64
      perl-4:5.22.2-362.fc24.x86_64
      perl-Exporter-0:5.72-349.fc24.noarch
      perl-File-Temp-0:0.23.04-347.fc24.noarch
      perl-Getopt-Long-0:2.49.1-1.fc24.noarch
      zlib-0:1.2.8-10.fc24.x86_64

      PHP dependencies:

      $ dnf repoquery --requires --resolve php
      Last metadata expiration check: 0:18:48 ago on Sun Sep 25 21:00:30 2016.
      glibc-0:2.23.1-10.fc24.i686
      glibc-0:2.23.1-10.fc24.x86_64
      httpd-0:2.4.23-4.fc24.x86_64
      krb5-libs-0:1.14.3-9.fc24.x86_64
      libcom_err-0:1.42.13-4.fc24.x86_64
      libxml2-0:2.9.3-3.fc24.x86_64
      openssl-libs-1:1.0.2h-3.fc24.x86_64
      pcre-0:8.39-3.fc24.x86_64
      php-0:5.6.25-1.fc24.x86_64
      php-cli-0:5.6.25-1.fc24.x86_64
      php-common-0:5.6.25-1.fc24.x86_64
      zlib-0:1.2.8-10.fc24.x86_64

      • (Score: 2) by HiThere on Monday September 26 2016, @04:16AM

        by HiThere (866) Subscriber Badge on Monday September 26 2016, @04:16AM (#406525) Journal

        OK, I was speaking out of general principles. You appear to have domain knowledge.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.

  • (Score: 2) by NotSanguine on Monday September 26 2016, @12:54AM

    by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Monday September 26 2016, @12:54AM (#406461) Homepage Journal

    Well, computers aren't that expensive. Run owncloud and nothing else on that computer, and do your work on a different computer. Takes a bit of space, but you can use a pretty small computer.

    The issue isn't hardware, it's security (you're terminating SSL tunnels with strong authentication and that's all) and usability (can your Aunt Celia* do Linux, web and DB admin?).

    Owncloud is not (unless you pay their commercial end) a turnkey solution (in which case, you're using 'someone else's servers' which pretty much negates the value of the product for home users). What's more, before you can even consider installing/configuring/managing/using Owncloud, you need to be at least minimally competent at installing/configuring/managing/using a LAMP stack.

    OpenVPN on the other hand, has a much narrower knowledge footprint and allows for significantly more functionality. And it will run on a pretty small computer (in fact, you can even install it, although I wouldn't recommend it, on your DD/Open-WRT device).

    *This assumes that you have an Aunt Celia.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr