Hacker News new | ask | show | jobs
by Godel_unicode 1286 days ago
Can you expand on how that’s possible? Don’t the reset emails break you back in…?
2 comments
inetknght 1285 days ago
> Can you expand on how that’s possible?

1. Opened a MSN.net account in early 00's. Fake name/birthday provided as is the norm for the day and only email validation was required at the time.

2. Opened a Skype account in early 00's. Fake name/birthday information provided as is the norm for the day and only email validation was required at the time.

3. Microsoft merged Skype and MSN.net

4. Bought a Surface Pro in early 10's and that required a Microsoft account. Hated it and returned it, but now there's a CC and name associated with the account.

5. Account was hacked in mid 10's. Lost access.

6. Recovery workflow now involves "verifying" questions and answers that were never a part of the sign-up workflow, and secondary workflow involves "verifying" fake name/birthday information that's long since forgotten, or verifying purchases and prices and CC numbers (which have since changed), or verification of email.

7. Verification of email isn't enough because it's not a second factor. Want more verification.

8. MS phone support refuses to help, and brick & mortar staff have no capability to recover accounts

link
reportgunner 1286 days ago
I suppose that e-mail is not enough, they probably require a second factor like a phone number.
link