New PC? Lost your Microsoft account password?

Topic

New Reply

ISSUE 18.15 • 2021-04-26 MICROSOFT By Ben Myers If your dog ate your Microsoft account credentials, Microsoft will welcome you to the tenth circle of
[See the full post at: New PC? Lost your Microsoft account password?]

2 users thanked author for this post.

KP, abbodi86

Reply | Quote

Replies

On Windows 8.1 the process was much easier. Email was sent to my secondary email address and I changed password from there.

Bottom line is:

You are asked to enter at least three exact email addresses of correspondents to whom you have sent email, plus the exact subjects of at least three emails you have sent. The subjects and the email addresses do not have to be from the same emails.

How is this legal to ask? Also obviously when it takes 24 hours, I think some person is involved in unlocking your account.
With local account, you simply give answers to your security questions. Could this be more appropriate for online account too?

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

Reply | Quote

I am not a lawyer but I assume you sign away your rights to everything within terms of service that is how most tech companies skirt the law.

I have never forgot my microsoft password so never needed this but it wouldn’t work for me either I can’t remember the subject or recipients of one email let alone three.

Not everyone uses microsoft for email.  I guess that is not their (MS) concern.

1 user thanked author for this post.

doriel

Reply | Quote

Yes, I suppose you agree with the email sharing somewhere during the “I agree” part.
If you create MS account email with the same password is created.

And if you finally manage to opt-out all sharing and targetting for advertisement. BEHOLD! We just inventet thing called “legitimate interest”, which disrespects all your settings and STILL personalises your data (stores your data somewhere). It should respect my settings – if I have EVERYTHING ELSE disabled, this one should be disabled too.

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

Reply | Quote

What “email sharing”?

Could you clarify “this one should be disabled too” in English, as I don’t understand “(stores your data somewhere)”?

Reply | Quote

Translated it means “legitimate interest”, as I already described in this topic before.

When I created that account on the screenshot, the “legitimate interest” switch was not there. It was created later with default state ON.

It is obvious, that if I have all other options disabled, I want that option to be disabled too.
By email sharing I mean, that someone (if my recovery password requirement is evaluated by humans) can see my email recepients and email subjects at least.

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

Reply | Quote

Thanks. We don’t have that setting in Outlook.com in the US, so I suppose it’s only for the EU (and UK) GDPR.

But since “legitimate interest” means “absolutely necessary” in GDPR, if you don’t like it then you can only stop using the free service:

“Legitimate interest,” where the organisation needs to process data in order to provide the data subject with a service they signed up for

Right to object [exceptions]

Good luck finding an email service that doesn’t process your data! 😉

Reply | Quote

As I understand it, this process could never work for me or my wife. Neither of us use a Microsoft email server – I have my own domain and we use the IMAP server on the host of that domain. My wife does  not use a Microsoft email client and I use Outlook 2010, with the data only on my PC and the email host. Hence Microsoft does not have any of my/our emails to check against, or if it does it is in breach of GDPR. So it has nothing to check against, even if I were minded to give it any email data. Hence I would never be able to get authorisation for a new password.

Am I missing something, or has some supranational court ruled that everyone has to route their email through Microsoft?

(I hasten to add, we both use password managers which contain our Microsoft credentials, thank goodness.)

Chris
Win 10 Pro x64 Group A

Reply | Quote

I am like Chris.  I do not have a MS email account.  Or at least am not aware that I do?  I do have an old Outlook email address and account.  Is this a MS email account which can be used, should I need to reset my password.  Thanks for your article on this.

Dick – New Win 10 user and missing my old Win 7 OS!

 

Reply | Quote

Chris B wrote:

Hence Microsoft does not have any of my/our emails to check against, or if it does it is in breach of GDPR. So it has nothing to check against, even if I were minded to give it any email data. Hence I would never be able to get authorisation for a new password.

Am I missing something, or has some supranational court ruled that everyone has to route their email through Microsoft?

Checking contacts and subject lines only applies to Microsoft email accounts:

Outlook.com or hotmail.com accounts

We’ll ask you questions about your contacts and email subject lines.
Check with friends and family that you may have corresponded with from that account for help.
Email subject lines need to be exact.

Help with the Microsoft account recovery form

1 user thanked author for this post.

Chris B

Reply | Quote

So what do you do if you get a message back saying you have not met the Microsoft security tests. And you just go around in circles

Reply | Quote

I have had zero success using the method described.  You nailed it when you called it the circle of hell, except for one thing: you should have called it “the endless circle of hell”.
Why?
Because that is what I’ve experienced.  I needed a new email account, so I went looking for good reviews.  Based on reviews I read, I went to set a new outlook email account.  I did so, and saved a very complex password to keychain on my iPad.  Keychain is very secure, and is not available to anyone else, not even Apple.  I finished setting up my new outlook email account, and then they encouraged me to setup 2 factor authentication for the account, which I did.  When I then went to login to my never used, brand new email account, MS told me my password was incorrect!  I don’t know what went wrong with MS’s system, but I knew for a certainty that it was correct, as not only had keychain saved it, but so had I separately done done so, and both were identical.
From there, MS repeatedly took me to their “endless circle of hell”.  MS’s customer support is virtually non-existent to begin with, but this “endless circle of hell” takes them to new lows of what they call concern for their “customer’s security”.  NOT!  Round and round and round we go, asking for exact email addresses, subject lines, etc., etc., etc., for an email account that I never even got to use, because of their incompetence and total inability to recognize anything but their crippled system.
Just one more reason why I’ll never again own a windows machine!

Reply | Quote

Typed a post, left, returned and Clk’d Submit … and it Disappeared …. SO …

Logged-in to MS Acct …… would it have been in Advanced Security Options that I created a 25-Character Recovery Code for your scenario. THAT it’s Not mentioned as a TO-DO option makes me wonder IF I wrongly presumed its use.

My HOTMAIL  address is used in MS Acct Login BUT I recall the Recovery Code Setup wanted a 2nd / different Email address – so I entered my rarely-used Hotmail acct #2. Maybe because of that… on the Settings / Update & Security Page it wrongly shows my 2nd Hotmail address with the Admin Acct Name WHILE STILL correctly showing the Main Hotmail on the logged-in MS Acct page. No way to ever understand all the permutations!

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

1 user thanked author for this post.

rc primak

Reply | Quote

I have a password-protected Excel spreadsheet (with multiple duplicates/backups) for all my various accounts, so I don’t have to go through a password reset for anything.  My OneDrive uses a Microsoft account, but it is not an Outlook email address.

There is no Microsoft user account on any of my machines, only local accounts, so I don’t need Microsoft’s help for any passwords for any thing.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

3 users thanked author for this post.

wavy, rc primak, doriel

Reply | Quote

First thing I do when setting up any service is to write down or otherwise archive my account login info, including passwords, secret question answers, alt. email addresses, device or app specific authorization codes, 2FA choices, and account recovery codes. Archived master lists should be password protected. But you also need that password to be stored safely!

For MS Accounts, you set up an Account Recovery Code. This will almost always get you into your account. This too should be stored in a way that you can access it even if the device is unavailable and at least one of your backup locations fails.

And I don’t make my device logins dependent on my MS Account login. This means that I don’t install or upgrade Windows using the MS Account as my Admin Login ID. That is a road which leads to madness!

-- rc primak

Reply | Quote

rc primak wrote:

And I don’t make my device logins dependent on my MS Account login. This means that I don’t install or upgrade Windows using the MS Account as my Admin Login ID. That is a road which leads to madness!

How does that lead to madness?

It means you can always reset a forgotten password, apart from other advantages.

Reply | Quote

We all have our preferences. I prefer not to have to connect to the Internet just to use my primary Admin Account for device local maintenance. I don’t live in the cloud all day.

Also, if you make your device login dependent on your MS Account login, it makes your life much more difficult if you lose your MS Account password. (Though if you use that login all the time,I guess forgetting the password is very unlikely.)

-- rc primak

Reply | Quote

rc primak wrote:

We all have our preferences. I prefer not to have to connect to the Internet just to use my primary Admin Account for device local maintenance. I don’t live in the cloud all day.

You don’t need an internet connection to login to Windows with a Microsoft account.

rc primak wrote:

Also, if you make your device login dependent on your MS Account login, it makes your life much more difficult if you lose your MS Account password. (Though if you use that login all the time,I guess forgetting the password is very unlikely.)

It’s easier for many people to deal with a forgotten password for an MS login than for a local account, especially if it’s the only active administrator.

Reply | Quote

Kudos to you, Professor Myers!! 2 gems in that article: 1) using another Microsoft mail account and 2) squeezing off emails in this account to complete the verify process, are absolutely priceless…and seem so obvious AFTER one sees the ideas in print.

1 user thanked author for this post.

Ben Myers

Reply | Quote

I was not aware I had a Microsoft account.

Nor what big loss would ensue if I lack a Microsoft account.

Inasmuch as I don’t trust Microsoft, I have tried hard to avoid getting a Microsoft account, although I have had to do some serious sashaying to escape it.

I have no trouble surfing the web, using Yahoomail or the Microsoft apps I use.

I had to do some serious evasive action to avoid getting “upgraded” from Windows 7 (good) to Windows 10 (grabby and pushy). When my W7 computer crashed, the only machine I could buy is W10. Even 8.1, which I had on a backup, was better than W10. One day soon I plan to “downgrade” it to W7. They don’t know enough to leave a good thing alone.

Perhaps one day I may seek out refuge with Ubuntu.

Reply | Quote

I have four ‘Microsoft Accounts’ (not including my Windows local pc login.) For want of a better way of distinguishing them I have called them “Microsoft – Office 365 web login’, ‘Microsoft – Office email account to link to Skype’, ‘Microsoft / Xbox account’, and ‘Microsoft Tech forum’. The first two use an ***onmicrosoft.com user name, and the other two my regular eddress. I make no claim that these are good names, in fact whenever I try to login to MS I have to try two or three of these in turn to get in. Can any one illuminate why I need four, which is what, and which is Ben talking about?

Reply | Quote