Security Issues in Two-step Verification

VortexWx

The issue:

I changed my password for Microsoft about a month ago because my Spotify account was successfully logged into from Russia. I live in Tucson, AZ. Apparently that didn't raise a flag for them. I had been fairly lazy lately and had the same password for multiple sites (my MS account was not one of them) so I immediately made unique passwords for every account I had, including a new and far more difficult one for my Microsoft account. I'm hoping it's not too long for my Xbox 360 since there is a length limit. I am afraid to check.


Today I got a notification in my Hotmail and my Gmail account (which is the backup for security reasons) that there was an unauthorized attempted login in Oklahoma. No details as to whether or not it was successful. I did verify that on my Microsoft account security page. So I click the link in my email to change my password. It takes me to a page with the verification popup. It's asking me (as usual) for my preferred method. Phone or email. It says to put in the last 4 of my phone number for a text or to email it to my backup address. Now these options normally look like Phone (***) ***-**23 and *** Email address is removed for privacy ***. You must be able to fill in the blanks. Well not this time. The verification popup had my complete phone number and email address showing. I knew that was wrong. I should note that if I go through the Account screen in Settings on my computer to change my password that the verification screen works correctly. Yes, it is an official email from Microsoft and not a spoof where I get the faulty verification popup.


So I contacted a Microsoft Support team member through the support chat. Thick as a brick or simply lazy. He said not to worry. It wasn't an issue. I sent him a screenshot. He said it wasn't a big deal. I beg to differ. That is a MAJOR ISSUE. I also got spammed in my inbox with every. Single. Reply. Every single line of the chat was another email. 13 emails! One chat! This is beyond ridiculous. And this is a major security issue. Saying it's no big deal is a load of garbage.


I have not only contacted Microsoft support, I have also submitted feedback through the Feedback application in Windows. Hopefully I get an answer somewhere.
