locked
Profile passwords and security questions - Microsoft what is wrong with you? RRS feed

  • General discussion

  • I suspect that my account got compromised, because someone sent out spam to all of my contacts.

    So what first thing one should do in such situations? - yes, change the password. Well, here is the first curve ball MS threw at me with changing the password - it restricts on quality of the password in the completely unacceptable way. My new password was supposed to be 16 letters long, with special characters (commas, explanation marks, etc) and spaces, but guess what? - it's not allowed:

    The password contains characters that aren't allowed.
    

    Seriously, spaces are not allowed? I understand if it was a simple 123456 type of password, but characters not allowed??? This just sounds like our passwords are not securely encrypted or stored in unencrypted format and database has characters restrictions...

    Then, I tried another password and it contained a word that is in the answer of my security question that I typed a long time ago. Fine, I shall change my security question/answer - well, not so fast, there is no longer an option to type in your own question, you only get a choice of 6 questions, most of which are so common and many people have the answer on their facebook wall!

    So, Microsoft, do you understand the concept of security at all?


    • Edited by vanowm Saturday, June 9, 2012 1:09 AM
    Saturday, June 9, 2012 1:07 AM

All replies

  • I suspect that my account got compromised, because someone sent out spam to all of my contacts.

    So what first thing one should do in such situations? - yes, change the password. Well, here is the first curve ball MS threw at me with changing the password - it restricts on quality of the password in the completely unacceptable way. My new password was supposed to be 16 letters long, with special characters (commas, explanation marks, etc) and spaces, but guess what? - it's not allowed:

    The password contains characters that aren't allowed.
    

    Seriously, spaces are not allowed? I understand if it was a simple 123456 type of password, but characters not allowed??? This just sounds like our passwords are not securely encrypted or stored in unencrypted format and database has characters restrictions...

    Then, I tried another password and it contained a word that is in the answer of my security question that I typed a long time ago. Fine, I shall change my security question/answer - well, not so fast, there is no longer an option to type in your own question, you only get a choice of 6 questions, most of which are so common and many people have the answer on their facebook wall!

    So, Microsoft, do you understand the concept of security at all?



    Thursday, March 14, 2013 6:39 AM
  • This forum is for issues related to your forum account. For help in your Microsoft Account, visit answers.microsoft.com .


    Visual C++ MVP

    Monday, March 18, 2013 1:59 PM