News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – making sure you control your Microsoft account

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – making sure you control your Microsoft account

    Viewing 9 reply threads
    • Author
      Posts
      • #2266468 Reply
      • #2266488 Reply
        John
        AskWoody Lounger

        I was resistant to two factor identification, because its another annoyance for users. But unfortunately its a necessary evil these days.

      • #2266516 Reply
        F A Kramer
        AskWoody Plus

        Unfortunately there are a number of big businesses that require using an email address as a Customer ID.  Thank You Woody, for not using email addresses that way!

      • #2266650 Reply
        Ascaris
        AskWoody_MVP

        It’s also a pretty handy example of another reason that you might not want to use a remote account to log in your local PC. Despite what MS claims, Windows is an operating system, not a cloud service. Why should a remote breach of a MS account have any effect upon logging into a local PC?

        Group "L" (KDE Neon User Edition 5.19.3).

      • #2266766 Reply
        Mele20
        AskWoody Lounger

        So the person you were helping only had ONE email account set up for authentication? Microsoft tells you to have TWO EMAIL ACCOUNTS set for authentication and also a THIRD method set up. One should install the Microsoft Authenticator app available for cell phones and set it up to generate a one time number for authentication.

        I too use a local account and I don’t have any Microsoft apps that I need to regularly login to. I only need to login to my two Microsoft accounts if I want to get something from the Microsoft store or change what Microsoft newsletters I subscribe to, etc. and I only have desktops so it is overkill for me, and the person you were helping, to set up the extensive and complicated logins Microsoft has pages and pages to explain. But I have done it. I have no idea why Microsoft originally said I could use github to login! But it is straightened out now and both accounts are using login verification through Microsoft Authenticator and are automatically backed up to iCloud.

        • #2266837 Reply
          dmt_3904
          AskWoody Plus

          So I am happy to report that I logged out of my MS account (was logged on via my laptop) and tried to logon from Ipad.  I input my password, it logged me on, but when I clicked on the avatar in upper right corner and “My Microsoft account” it asked for my password again, with a few options underneath, one of which was logon with Authenticator app code sent to your phone. Which I did, and it worked!! I logged out and back on a few time using computer/ipad – it asked for the authenticator code each time.

          So this is LIKE 2FA (my account says 2FA is off) and should be ok if someone gets my password and tries to logon, I should get the approval code on my phone, right?  I agree that MS has a complicated process that has been simple for me to set up for other services and I’d rather not do it if this will suffice for extra security.

      • #2266814 Reply
        dmt_3904
        AskWoody Plus

        I thought I had set up 2FA on my MS account, but when I checked, I hadn’t!! So I went to do that and am finding it quite difficult!!!  Normally, I click an option and it turns on 2FA for an account.  But MS has all these steps I don’t understand!!  I tried twice, but canceled and turned it off. I hope my acct isn’t messed up now, haven’t logged out yet.  I got the MS authenticator app.   This is tripping me up – do I need it for my Outlook on my phone? I don’t see where I can enter a password, their instructions aren’t right.

        There are a few steps you need to take to make sure all your apps and devices work with your Microsoft account. You need to create an app password for apps or devices that don’t accept security codes. First, if you sync your Outlook.com email with your smartphone, choose a link below to get instructions.

        And the first time I tried, I clicked cancel after the 1st or 2nd panel, it had given me a recovery code, which I wrote down, but I don’t know if it’s still valid!! Ugh Microsoft!

        Need some help setting this up, do I have to follow each step in the process?  Or can I bypass the one for outlook on my phone? I don’t have xbox or other apps.  And then, once I have it set, do I logon to my acct with the app on my phone?  Password on my laptop?  How does it work?  Again normally, I logon, I get texted a code and I input that.

        Currently, my account shows 2FA is not set up. thanks!

         

        • This reply was modified 1 month, 2 weeks ago by dmt_3904.
      • #2266957 Reply
        anonymous
        Guest

        I got into a similar bind trying to access my Microsoft Ads account.  I needed a code sent to the email address used as the log-in name. Problem is, I haven’t had that cable provider in several years, so I assumed it was a dead account.

        Long story short, Microsoft support was clueless; this thing had a timeout that lasted something like 7 days and they had to way to break into it.

        So in desperation, I dug through some files and found the psswd for that email account, tried it, and lo and behold it worked!  So I was able to retrieve the code and once I did everything was normal and I got back in.

        Kudos to verizon for allowing access on non-paid email accounts!

      • #2266968 Reply
        anonymous
        Guest

        Two factor authentication is useless. Hackers already have ways to bypass or illegal gain access or switch SIM cards. Check Zdnet article for more info.

        • #2266974 Reply
          b
          AskWoody Plus

          Two factor authentication is useless. Hackers already have ways to bypass or illegal gain access or switch SIM cards. Check Zdnet article for more info.

          This one?

          Two-factor authentication will stop most casual attacks dead in their tracks. It’s not perfect, though. A determined attacker who is directly targeting a specific account might be able to find ways to work around it, especially if he can hijack the email account used for recovery or redirect phone calls and SMS messages to a device he controls. But if someone is that determined to break into your account, you have a bigger problem.
          The password problem: How to use 2FA to improve your online security

          Far from useless. Just not guaranteed.

          1 user thanked author for this post.
          • #2267025 Reply
            dmt_3904
            AskWoody Plus

            I agree it’s not useless – it makes me feel better about security; I surely hope it is not misplaced (i.e. what I think is secure is actually not).  We have to try to do what we can to protect ourselves.  The bad guys are always getting better at what they do.  Hopefully, the good guys are able to stay ahead of them!!

        • #2266976 Reply
          dmt_3904
          AskWoody Plus

          I had heard about SIM card hackings. That is why I put a passcode on my wireless account. No one can access it or change anything without the code, in addition to the password. Which is at least 21 characters long.

          • This reply was modified 1 month, 1 week ago by dmt_3904.
          • This reply was modified 1 month, 1 week ago by dmt_3904.
          • #2266998 Reply
            Paul T
            AskWoody MVP

            How does a password on your wireless account help? Which wireless account?

            cheers, Paul

            • #2267024 Reply
              dmt_3904
              AskWoody Plus

              It’s for my phone.  I have my wireless account password and when I logon, there is an additional step of entering the passcode.  So if my password is breached, hacked, whatever – they also need the passcode to make any changes on the account.  It’s an additional layer of security – I hope!  ; )

              From my provider’s website:

              When your wireless account is protected with a passcode, it is different from your sign-in password, and isn’t related to your device or voicemail.

              • #2267039 Reply
                Paul T
                AskWoody MVP

                I don’t get what a wireless account is? Your phone is always connected wirelessly, so you can make calls or use the internet, so when do you need a wireless account?

                cheers, Paul

              • #2267042 Reply
                dmt_3904
                AskWoody Plus

                I am referring to the account logon for my wireless service.
                Scammers can activate your SIM card on another phone. So I put extra protection step on that account with a passcode. It should, hopefully, make it more difficult for someone to overtake my account.</p>
                https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself

                1 user thanked author for this post.
        • #2266983 Reply
          anonymous
          Guest

          And authenticator apps are no good either since they require a Smart Phone, which 1) Are the most vulnerable pieces of technology on Earth, 2) Not everyone has one. I don’t own one since touchscreen won’t acknowledge my fingers, so I’m stuck using basic dumb phones that have buttons.

          I wish more sites accepted Yubi keys. Those seem to be a rock solid, consistent solution, but there are still many sites that *insist* you connect your phone with them in some way.

          1 user thanked author for this post.
      • #2267044 Reply
        agoldhammer
        AskWoody Plus

        I understand where Susan is coming from but similar to other comments, I wonder about the utility of setting up 2FA for my home workstation.  Critical passwords are in a separate program that is very hard (nothing is impossible these days) to hack.  I think the workstation login is sufficient for my purposes.

      • #2267365 Reply
        anonymous
        Guest

        Why would you want a Mickeysoft account?  Don’t have one, don’t need to worry.

    Viewing 9 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – making sure you control your Microsoft account

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.