Windows CHANGED my password without me asking!

[corrado33]

What the absolute hell? So yesterday I created a microsoft account in order to disable things in the stupid xbox app.

 

Today, when I went to sign into my computer after it being asleep, my normal password didn't work! WTF???

 

Turns out windows automatically converted my local account into a microsoft account and starting using THAT PASSWORD instead. WITHOUT ASKING ME. WHAT THE ABSOLUTE HELL? I DON'T WANT TO FREAKING SIGN IN TO YOUR BULLCRAP SOCIAL MEDIA BULLCRAP THAT MERGES ALL OF THE STUPID SOCIAL MEDIA BULLCRAP THAT I DON'T HAVE INTO ONE PLACE.

 

Piece of crap operating system. Changing passwords without asking users.

[Guest]

Did you create MS account before?

[Litargirio]

So you're new to the whole Microsoft trying to make the experience on Windows as user-unfriendly as possible?

 

Well, welcome aboard.

[C2dan88]

It has not changed your password it simply converted your local account to your MS Account. You are free to change it back to a local account.

[corrado33]

6 minutes ago, deXxterlab97 said:

Did you create MS account before?

No...

4 minutes ago, C2dan88 said:

It has not changed your password it simply converted your local account to your MS Account. You are free to change it back to a local account.

You're damn right I'm going to change it back to a local account. It's my own damn local computer. F*** microsoft. 

[corrado33]

14 minutes ago, C2dan88 said:

It has not changed your password it simply converted your local account to your MS Account. You are free to change it back to a local account.

Don't tell me what it did and didn't do.

 

My old password did NOT work.

 

The password I used to create the bullcrap microsoft account DID work.

 

It DID change my password.

 

It DID piss me off

 

How the hell are people ok with this?

[Litargirio]

5 minutes ago, corrado33 said:

How the hell are people ok with this?

Microsoft doesn't give a shit about what people are OK with.

[Guest Kloaked]

4 minutes ago, corrado33 said:

Don't tell me what it did and didn't do.

 

My old password did NOT work.

 

The password I used to create the bullcrap microsoft account DID work.

 

It DID change my password.

 

It DID piss me off

 

How the hell are people ok with this?

They didn't say you did anything to cause this so I don't know why you're biting their heads off. They're just trying to help.

 

We're okay with this because everything is consolidated. It makes no sense to have separate accounts for everything under Microsoft's umbrella.

[SpaceGhostC2C]

2 minutes ago, Kloaked said:

We're okay with this because everything is consolidated. It makes no sense to have separate accounts for everything under Microsoft's umbrella.

That's basically like saying it makes no sense to have more than one password for everything. 

 

Hotmail is my spam account, the one I give for everything I don't care / I know it will generate unsolicited mail whatever boxes I uncheck. And am I supposed to care about it being hacked all of a sudden, because it became my Skype account and even my local PC account?

Not happening. No android logic in my PC, no thanks. Just like when Google came with the "Youtube is actually Google+" idea. Nope.

[Guest Kloaked]

Just now, SpaceGhostC2C said:

That's basically like saying it makes no sense to have more than one password for everything. 

No it's not the same thing.

Just now, SpaceGhostC2C said:

Hotmail is my spam account, the one I give for everything I don't care / I know it will generate unsolicited mail whatever boxes I uncheck. And am I supposed to care about it being hacked all of a sudden, because it became my Skype account and even my local PC account?

Not happening. No android logic in my PC, no thanks. Just like when Google came with the "Youtube is actually Google+" idea. Nope.

That's the way things are going and if you have an issue with it, either catch up with it or go off the grid.

 

If you have trouble being hacked, then it's something on your end that's the issue. I'm not saying my experience should match up with everyone else's, but I've never once had my Blizzard, Google, Microsoft, etc accounts hacked because I actually set up strong passwords and change them at a certain time. I've had hacking attempts on my Google account before, but I have authentication barriers in place since that stuff does happen, such as unless I press "Yes" on my authenticator on my phone when someone tries to log into my Google accounts, it will not let you log in.

 

There's plenty of protection available to keep out most threats, and it's not hard to set up.

[SpaceGhostC2C]

6 minutes ago, Kloaked said:

No it's not the same thing.

I hope you can then explain to me why unifying passwords isn't the same as unifying passwords.

 

7 minutes ago, Kloaked said:

 

That's the way things are going and if you have an issue with it, either catch up with it or go off the grid.

 

With all due respect, that's the lamest conformist line I've read in a while. Like, don't dare to have an opinion or try to steer things your way, just acept whatever comes as long as enough companies are pushing it. Just because something becomes trendy it doesn't mean it is a good idea, or that it is a good idea for users even if it is for the other end of the market. I don't imagine a Microsoft shareholders' meeting ending up with  "well, that's the way things are going, it may make us lose money but that's the way it is". But apparently consumers are supposed to eat whatever they served no questions asked?

 

12 minutes ago, Kloaked said:

 

There's plenty of protection available to keep out most threats, and it's not hard to set up.

Yes, like the usual advice "don't use the same password for everything" or "keep different layers of access" 

[Guest Kloaked]

1 minute ago, SpaceGhostC2C said:

I hope you can then explain to me why unifying passwords isn't the same as unifying passwords.

That's not what you said. Your words were "That's basically like saying it makes no sense to have more than one password for everything." and that's not what this is unless everything you do is literally with Microsoft, which I doubt.

2 minutes ago, SpaceGhostC2C said:

With all due respect, that's the lamest conformist line I've read in a while. Like, don't dare to have an opinion or try to steer things your way, just acept whatever comes as long as enough companies are pushing it. Just because something becomes trendy it doesn't mean it is a good idea, or that it is a good idea for users even if it is for the other end of the market. I don't imagine a Microsoft shareholders' meeting ending up with  "well, that's the way things are going, it may make us lose money but that's the way it is". But apparently consumers are supposed to eat whatever they served no questions asked?

You're misunderstanding me. I didn't say you have to like it, or you should like it. You are within your god-given right to not like what you don't like. What I'm saying is, the way things are going in software development are making it as easy as possible on the user's end. That means consolidating accounts where it makes sense, like having all Microsoft software under the same account and password for you. It also entails other stuff, but we're talking about account consolidation specifically.

 

I hope my point is more clear.

5 minutes ago, SpaceGhostC2C said:

Yes, like the usual advice "don't use the same password for everything" or "keep different layers of access" 

Yes!

Why would you not?

[corrado33]

12 minutes ago, SpaceGhostC2C said:

Yes, like the usual advice "don't use the same password for everything" or "keep different layers of access" 

 

6 minutes ago, Kloaked said:

Yes!

Why would you not?

 

BECAUSE WE CAN'T!!!!! Under the stupid microsoft umbrella it tries to keep all of my passwords the same. Hotmail, skype, windows. I WANT THOSE PASSWORDS TO BE DIFFERENT. They SHOULD be different for security purposes. Every single one of my online passwords is different for good reason. 

 

And automatically converting my local computer account to a microsoft account when I specifically created a LOCAL account when I finished building the computer? That's bullshit. That's low. 

 

Consolidating accounts is just a good way to have to worry about ALL your data when one of microsoft's "programs" gets hacked.

 

Sure, I want the hackers to have my e-mail password when they hack skype. Sure, I want the hackers to have my computer password, which stores my banking passwords when they hack hotmail.

 

Because microsoft is GREAT at preventing hacking...

 

http://www.theverge.com/2016/11/8/13561024/microsoft-skype-baidu-linkedin-hack

 

https://www.google.com/search?q=hotmail+hacked&oq=hotmail+hacked&aqs=chrome..69i57.3107j0j4&sourceid=chrome&ie=UTF-8

 

[Guest Kloaked]

6 minutes ago, corrado33 said:

BECAUSE WE CAN'T!!!!!

Yes you can.

 

https://support.microsoft.com/en-us/help/12408

 

6 minutes ago, corrado33 said:

Because microsoft is GREAT at preventing hacking...

Nobody can 100% prevent it.

[corrado33]

2 minutes ago, Kloaked said:

Yes you can.

 

https://support.microsoft.com/en-us/help/12408

 

Nobody can 100% prevent it.

Yes because we all know how well the 2FA is working. And having ALL of my accounts behind one small hack is a GREAT idea. 

 

https://answers.microsoft.com/en-us/outlook_com/forum/osecurity-oinfosafe/hacker-bypassed-the-2-step-verification/3535096f-0edd-4314-8bee-f9e72dabb863

 

https://answers.microsoft.com/en-us/outlook_com/forum/osecurity-osafe/hotmailoutlook-acount-compromised-even-with-2-step/551782bf-4ead-4261-a218-acb8d8b19d0c

 

http://searchsecurity.techtarget.com/answer/How-hackers-can-bypass-two-factor-authentication-systems

[Guest Kloaked]

Just now, corrado33 said:

Yes because we all know how well the 2FA is working. And having ALL of my accounts behind one small hack is a GREAT idea. 

 

https://answers.microsoft.com/en-us/outlook_com/forum/osecurity-oinfosafe/hacker-bypassed-the-2-step-verification/3535096f-0edd-4314-8bee-f9e72dabb863

 

https://answers.microsoft.com/en-us/outlook_com/forum/osecurity-osafe/hotmailoutlook-acount-compromised-even-with-2-step/551782bf-4ead-4261-a218-acb8d8b19d0c

 

http://searchsecurity.techtarget.com/answer/How-hackers-can-bypass-two-factor-authentication-systems

I bet you'd find similar issues for Google's 2FA, or even Blizzard's. You know why? Because people make mistakes, and software isn't perfect.

 

I'm no security expert as that's not my field, but I would have to guess that the majority of compromised accounts can be blamed on the user having bad security practices, which is why you see these hand-holding tips like "Make sure to include a combination of lowercase and uppercase letters, numbers and symbols".

 

That problem can be easily fixed, but often people are stuck in their old way of doing things and don't know how to move on.

[corrado33]

1 minute ago, Kloaked said:

I bet you'd find similar issues for Google's 2FA, or even Blizzard's. You know why? Because people make mistakes, and software isn't perfect.

 

I'm no security expert as that's not my field, but I would have to guess that the majority of compromised accounts can be blamed on the user having bad security practices, which is why you see these hand-holding tips like "Make sure to include a combination of lowercase and uppercase letters, numbers and symbols".

 

That problem can be easily fixed, but often people are stuck in their old way of doing things and don't know how to move on.

Except in this case the OLD way is the more secure way. We're going backwards in terms of security for the sake of convenience. 

[Guest Kloaked]

Just now, corrado33 said:

Except in this case the OLD way is the more secure way. We're going backwards in terms of security.

I'd be willing to bet money we're either more secure (or capable of more security, like I've been implying) today than we were 10 years go, or it's just as bad. But that's just anecdotal and there's no way for me to prove that.

 

So anyways, you should use a strong, long password and 2FA if you're worried about security for your Microsoft account.

[corrado33]

5 minutes ago, Kloaked said:

I'd be willing to bet money we're either more secure (or capable of more security, like I've been implying) today than we were 10 years go, or it's just as bad. But that's just anecdotal and there's no way for me to prove that.

 

So anyways, you should use a strong, long password and 2FA if you're worried about security for your Microsoft account.

Or I can choose strong, long passwords for each of those services individually and make it X times as hard to get ALL of my information. 

 

Look, I have no reason to be hacked, I have nothing to hide. My banking passwords are ridiculously long and complicated (so much so that I couldn't tell you what they were, it's muscle memory, I don't know it unless I type it.) and nothing else online matters much to me. But this is ridiculous. Microsoft is coddling the technologically inferior idiots who can't remember more than one password. 

 

I wouldn't CARE that everything was in one place if microsoft didn't try to shove it down my throat and change MY settings on MY computer. Especially something as personal as my freaking local password. 

 

My local computer does not exist on the world wide web. It is not a WAN entity. It is able to connect to the internet yes, but it is not always online. Nor do I want it to be. 

[Mira Yurizaki]

When you signed in the Xbox App, did you willy-nilly click "yes yes yes"? Because one of the dialogs it says is if you want to convert the account you use on Windows 10 to log into the machine into a Microsoft account.

 

I mean technically your password changed, but this is more like your account was converted. Windows 10 does not have the ability to automagically by itself change account types (at least that I'm aware of).

[corrado33]

1 minute ago, M.Yurizaki said:

When you signed in the Xbox App, did you willy-nilly click "yes yes yes"? Because one of the dialogs it says is if you want to convert the account you use on Windows 10 to log into the machine into a Microsoft account.

 

I mean technically your password changed, but this is more like your account was converted. Windows 10 does not have the ability to automagically by itself change account types (at least that I'm aware of).

I don't remember honestly. But obviously that's what happened. And it was probably a tiny checkbox somewhere that I missed. I was already pissed about having to sign into the xbox app to disable things... But seriously, when has an application ever had the power to change your entire user type? That's stupid programming.

 

Google does it right. You can use your google password to sign in to a TON of different web services, but you can also choose not to, and they don't force it upon you.

 

I DO use my (junk) google account to sign into things I don't care about. For things that I barely ever use? Or things I'll only use once? Heck yeah I'll use my (junk) google account. 

[Mira Yurizaki]

1 minute ago, corrado33 said:

I don't remember honestly. But obviously that's what happened. And it was probably a tiny checkbox somewhere that I missed. I was already pissed about having to sign into the xbox app to disable things... But seriously, when has an application ever had the power to change your entire user type? That's stupid programming.

 

Google does it right. You can use your google password to sign in to a TON of different web services, but you can also choose not to, and they don't force it upon you.

 

I DO use my (junk) google account to sign into things I don't care about. For things that I barely ever use? Or things I'll only use once? Heck yeah I'll use my (junk) google account. 

If you're talking about Android, you can't use any of Google's services if you don't use a Google account. This means you can't use the Play Store, or you know, the primary means of getting apps on Android. You have to side load apps.

 

While I'm kind of inclined to agree that an application shouldn't change the user's credentials, it's not really the application that's doing it (if you log into any Microsoft account enabled app, it will ask you the same thing if you're logging in using a Microsoft account) and it only affects the user account in question.

[JefferyD90]

20 hours ago, corrado33 said:

What the absolute hell? So yesterday I created a microsoft account in order to disable things in the stupid xbox app.

 

Today, when I went to sign into my computer after it being asleep, my normal password didn't work! WTF???

 

Turns out windows automatically converted my local account into a microsoft account and starting using THAT PASSWORD instead. WITHOUT ASKING ME. WHAT THE ABSOLUTE HELL? I DON'T WANT TO FREAKING SIGN IN TO YOUR BULLCRAP SOCIAL MEDIA BULLCRAP THAT MERGES ALL OF THE STUPID SOCIAL MEDIA BULLCRAP THAT I DON'T HAVE INTO ONE PLACE.

 

Piece of crap operating system. Changing passwords without asking users.

it actually tells you that you're going to be switching to your Microsoft account when you do that process, you just didn't read it.

[corrado33]

2 hours ago, JefferyD90 said:

it actually tells you that you're going to be switching to your Microsoft account when you do that process, you just didn't read it.

I'm going to repeat myself again here.

 

No application should EVER have control over your local user name and password other than the control panel meant to change it. Period.

[Mira Yurizaki]

49 minutes ago, corrado33 said:

I'm going to repeat myself again here.

 

No application should EVER have control over your local user name and password other than the control panel meant to change it. Period.

But:

1. The application itself did not change your account. The framework around it, which is embedded in the OS, did.
2. IIRC, the framework asks for your local account password, then your Microsoft account password. This isn't any different from changing your password anyway.