Topic # 239317 11-Jul-2018 21:41
One person supports this post

So last night I casually turn on the Xbox to try and get a bit of gaming in before doing some work. "Sorry, sign in using a controller". Huh, OK, do that. "Sorry, something's wrong. You need to sign in on the web". That's new, so off to the laptop to sign in - "Your Microsoft account has been temporarily suspended. Please contact customer support and we'll ask you some questions and help you make sure your account is secure".

 

Contact Support. No option to phone, or email, just fill in a form. Fill in the form, "we'll contact you within 24 hours". Sorry, what? You've locked me out of paid services for an indeterminate amount of time and the only recourse is filling in a form and we'll get back to you? Chat support - "no, you have to wait for online safety to get back to you". Partner support - "that's odd, let me try fix that. Try resetting your password using this link, that'll fix it" - great, two factor comes in handy! - nope, the authenticator code works, but it requires another factor and all of those are "service temporarily unavailable". "Sorry, you'll have to wait for online safety".

 

24 hours later and, you guessed it! No contact back. Still locked out of tons of paid services, and everyone just says "sorry the automated system locked you out, but you have to wait for online safety to review and fix it".

 

If you can't meet your own stated timeframes for a response to automatically locking people's accounts that actually have your 2-factor that's supposed to prevent this, I would submit maybe you shouldn't be automatically locking people's accounts!

 

Meanwhile, anyone know anyone at Microsoft?


  Reply # 2054632 11-Jul-2018 22:08
4 people support this post

It is a ... thrilling experience I do say! I'm not sure why companies put so much trust in their automated processes to take such drastic actions to be honest.

 

With that said though, I thought two factor authentication was supposed to make this sort of thing a thing of the past? We accept a minor inconvenience to our authentication to be secure in the knowledge that no-one else can access our accounts?



  Reply # 2054707 12-Jul-2018 07:44

Kyanar:

 

It is a ... thrilling experience I do say! I'm not sure why companies put so much trust in their automated processes to take such drastic actions to be honest.

 

With that said though, I thought two factor authentication was supposed to make this sort of thing a thing of the past? We accept a minor inconvenience to our authentication to be secure in the knowledge that no-one else can access our accounts?

 

 

 

 

Indeed, you can easily see some less drastic compromises - for example, instead of locking you out of the account, perhaps merely lock new purchases or trades or in-game items. That way you can at least still play while the account problem is sorted out, and if your account *is* compromised, then the hacker can play your games, which affects nobody.





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.





  Reply # 2054738 12-Jul-2018 09:00

SaltyNZ:

 

Indeed, you can easily see some less drastic compromises - for example, instead of locking you out of the account, perhaps merely lock new purchases or trades or in-game items. That way you can at least still play while the account problem is sorted out, and if your account *is* compromised, then the hacker can play your games, which affects nobody.

 

 

It's actually more drastic than that. I'm locked out of Partner Membership Centre and MAPS Licensing, Azure Admin Console, Office 365 Admin, and any third party websites where I use the Microsoft account to sign in.

 

Rest assured, one takeaway is I'll never trust Microsoft to be my authentication provider for third party services again.

 

Would you believe if you use a Microsoft account to sign into Windows, it even locks you out of your computer? And if you use Visual Studio or Office 365 licensed to that login, it literally expires your products?

 

With them tying this many paid (expensive even!) services to that login, "temporarily suspended" with no accountability is not an acceptable method of account security.



  Reply # 2054768 12-Jul-2018 09:29
2 people support this post

Kyanar:

 

Would you believe if you use a Microsoft account to sign into Windows, it even locks you out of your computer?

 

 

Hmm, time to re-think my setup. I've just moved to using my Microsoft account for authentication on all of my machines instead of a local account. Looks like that was a mistake and I shouldn't be trusting of Microsoft for basic stuff like this.

 

 



  Reply # 2054776 12-Jul-2018 09:44
2 people support this post

Hi there, sorry you've had an issue with your Microsoft Account. As this is a consumer service you can log a support request at https://support.microsoft.com/en-nz/help/10494/microsoft-account-get-back-compromised-account

We can try and help locally from MicrosoftNZ - please email the details of the case, including Microsoft Account email address, separate backup mail address and contact number to nzcloud@microsoft.com and we will escalate to our consumer support team.

Thanks for the heads up Mauricio!








  Reply # 2054826 12-Jul-2018 10:19

Thanks Paul, much appreciated. I would suggest for Microsoft it might be worth a review into whether this type of case should result in disabling access to Windows and other local software such as Visual Studio. I know that the Windows support team can unlink your Microsoft account remotely (or at least, I think that's what they were saying when I asked?) but calling support by phone is unlikely to be the first thing a consumer thinks of when Windows says "Sorry, something's wrong with your account. Sign in on the web" (which has its own set of issues if that's their only PC). 



  Reply # 2054833 12-Jul-2018 10:28
2 people support this post

Kyanar:

 

It's actually more drastic than that. I'm locked out of Partner Membership Centre and MAPS Licensing, Azure Admin Console, Office 365 Admin, and any third party websites where I use the Microsoft account to sign in.

 

 

I'm curious as to why you're using the same account for a personal service like Xbox as you are for corporate services like Azure and 365?



  Reply # 2054941 12-Jul-2018 12:17
2 people support this post

gehenna:

 

Kyanar:

 

It's actually more drastic than that. I'm locked out of Partner Membership Centre and MAPS Licensing, Azure Admin Console, Office 365 Admin, and any third party websites where I use the Microsoft account to sign in.

 

 

I'm curious as to why you're using the same account for a personal service like Xbox as you are for corporate services like Azure and 365?

 

 

Agree, best practice would be a consumer account for "consumer stuff". I suspect the O365 one is a personal subscription to a retail version of O365 [Home/Personal]. Azure can and should be switched to OrgID/Azure AD, and MPN [Partner network, Microsoft Action Pack etc] etc should be a separate MSA account.

 

The account must have been compromised in some way... For anyone reading this, if you don't have MFA turned on, do it now... the Internet can be a bad place!

 

 






  Reply # 2054946 12-Jul-2018 12:22
2 people support this post

Kyanar:

 

Thanks Paul, much appreciated. I would suggest for Microsoft it might be worth a review into whether this type of case should result in disabling access to Windows and other local software such as Visual Studio. I know that the Windows support team can unlink your Microsoft account remotely (or at least, I think that's what they were saying when I asked?) but calling support by phone is unlikely to be the first thing a consumer thinks of when Windows says "Sorry, something's wrong with your account. Sign in on the web" (which has its own set of issues if that's their only PC). 

 

 

Quick update, we have escalated this internally. You should not be relying on a consumer login service as your only authentication to Windows, or O365, or VS - If you are a business, then you should use O365 Commercial services (you cannot use O365 Home/Personal for business use), which gives you an Azure AD account, and you can use this to join your device and access other services!

 

https://docs.microsoft.com/en-nz/azure/active-directory/device-management-azuread-joined-devices-frx 








  Reply # 2055179 12-Jul-2018 16:08

paulb001:

 

Agree, best practice would be a consumer account for "consumer stuff". I suspect the O365 one is a personal subscription to a retail version of O365 [Home/Personal]. Azure can and should be switched to OrgID/Azure AD, and MPN [Partner network, Microsoft Action Pack etc] etc should be a separate MSA account.

 

The account must have been compromised in some way... For anyone reading this, if you don't have MFA turned on, do it now... the Internet can be a bad place!

 

 

The account does have MFA - which is what confuses me. Anyways, it's mostly a case of an ancient legacy - I created the account so long ago back when I couldn't be bothered maintaining multiple accounts for things (since then I use password managers with complex passwords I couldn't remember if I tried, except for my online banking which is literally the weakest login I have).

 

The O365 and Azure admin stuff is actually attached to the AAD Tenant (good news) but annoyingly, MPN and MAPS refuse to allow attaching to an AAD account. Which is weird, because if you're signed into one when you go to PMC it actually says you're logged in but it can't find a partner association, it's just the onboarding that won't accept it for no good reason :(

 

Hopefully everyone is learning what you should and shouldn't do with an MSA though! We've long been prodded to use it as a way of logging into third party sites and even Windows itself, and it seems that may not actually be a good idea...

