Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Worst Authentication Experiences?

posted by cmn32480 on Sunday September 25 2016, @10:27AM   Printer-friendly
from the HA-HA! dept.

Appalbarry writes:

I always find the various authentication experiences to be more annoying than reassuring, but until now I've always managed to defeat whatever bizarre scheme a web site has created.

Yes, I'm fan of "Reset Password."

Microsoft though has stopped me dead by refusing me access to an outlook.com [account] even though I have the email address and password.

About three years ago someone established an outlook.com email for an organization. They passed the login info on to me. I subsequently just accessed it via Gmail for the next two years.

Today I tried to log in to outlook.com make some changes. They apparently feel that I am not who I say I am and demand some kind of "authentication."

After a half an hour of repeatedly submitting "Verification Forms" (Names, Birthdate, City, Postal Code, Captchas, Previous passwords....," entering numerous PINs, and generally jumping through hoops, I have concluded that I will never ever access this account again.

Best of all the email quoted below offers no way that I can appeal this to some kind of living being.

Is this the worst authentication disaster ever? Is there any logical reason why you would make it impossible for your customers to ever recover an account?

[Continues...]

We recently received a request to recover your Microsoft account *****@outlook.com. Unfortunately, our automated system has determined that the information you provided was not sufficient for us to validate your account ownership. Microsoft takes the security and privacy of our customers very seriously, and our commitment to protecting your personal information requires that we take the utmost care in ensuring that you are the account owner.

Please submit a new account verification form

At this point, your best option is to submit a new form with as much accurate information as you can gather. The more information you can include in the form, the better the chance you'll have of regaining access to your account. We've included a few tips below to help you fill out the form as completely and accurately as possible.

> Submit a new form

Helpful tips for filling out another form:

Answer as many questions as you can.
Use the information you provided when you created the account, or last updated it.
Submit the form from a computer you frequently use.
You will be asked to list recently used email addresses and the subject lines from recent emails. Ask for help from family members, friends, or business contacts to confirm their email addresses and tell you the subject lines of the last three emails they sent you.
Make sure to use the correct domain for your account, such as hotmail.com, live.com, or outlook.com. Keep in mind that your email address may be country specific. For example, if you created your account in Sweden, your domain would be "hotmail.co.se" rather than "hotmail.com".

Ready?

> Submit a new form

Thank you,
Microsoft Support Team

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

Original Submission

 
This discussion has been archived. No new comments can be posted.
Worst Authentication Experiences? | Log In/Create an Account | Top | 62 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Monday September 26 2016, @08:06AM

    by Anonymous Coward on Monday September 26 2016, @08:06AM (#406570)

    Bad actors who resell email addresses can very easily strip the +foo or any periods from the username filed of your address.

    If you always use a suffix stripping it off would give them the address for the spam folder. The idea is that the suffixes you actually want email from are whitelisted, and once you start receiving spam on that address, you simply remove it from the whitelist.

    Personally I'd rather just generate a new address that directly identifies the org that's getting it. Variants on "companynamebilling@mydomain" is good enough for about everything.

    That's a different way of doing the exact same thing, except that your method requires your own doman, while the + thing is a gmail.com feature.

  • (Score: 2) by Chromium_One on Monday September 26 2016, @04:44PM

    by Chromium_One (4574) on Monday September 26 2016, @04:44PM (#406692)

    If you always use a suffix stripping it off would give them the address for the spam folder.

    That's one way to go about it, however ...

    That's a different way of doing the exact same thing, except that your method requires your own domain,

    No, it's not the exact same thing. The user+foo bit can be fucked with by the sender. A completely different address can't. Also, it does not require your own domain, though that is much, much more convenient. You know there's no real limit on, for example, gmail addresses forwarded to one box right?

    while the + thing is a gmail.com feature.

    No, the user+foo addressing is not a gmail feature, it's standard in how email is supposed to work, mentioned in RFC 5233 and possibly others. Not that people pay much attention to standards.

    --
    When you live in a sick society, everything you do is wrong.