Hotmail security
By sylvie | October 18, 2011
I have an old Hotmail account which I have been using for signing up to places that I worry might spam me. This morning, I was checking out Microsoft’s Academic Research site to see how it displayed my papers. It looks like an alternative to Google Scholar, and I’m all for more search sites that will lead me to finding more research papers.
I came across the Microsoft site while reading Brian Kelly’s blog post on it. While Brian says that you can’t edit your own references, I thought I’d try it and see if that was still the case.
Microsoft offered me to log in with my Hotmail account, which is technically great except that I seem to have misplaced my password. The password I have in my password list is one of those nonsensical passwords that you get assigned to you when you ask for a new password. I probably changed it to something else, but what? None of the standard passwords I use worked (yes, I have a series of standard passwords I reuse, I know that’s not secure, but I have signed up to over 100 web sites that ask for passwords, there’s going to be repeats).
After a few attempts, Hotmail asked me to answer a security question. This should be straightforward, thought I. Except that the answer I gave for the security question was deemed wrong. I tried an alternative response. Still no good. Was I misremembering the information asked? This is why I hate these security questions. People seem to think that they are straightforward but they aren’t. Sometimes the question asks for information that isn’t stable; “what is your favourite book”, comes to mind. Anyone who reads a lot is going to have a different answer to that depending on what they have read recently. Sometimes the question asks for information that could be interpreted at various levels; questions with geography come to mind. Where was I born? Did I answer the country, the province, the city, the neighborhood, the street? Did I answer with the name of the hospital? I was born in X but my parents lived in Y when I was born, did I say X or Y? And of course some questions are stupidly easy to hack: mother’s maiden name comes to mind.
Having failed to remember the answer I gave to the security question, I went back to trying to enter a password, and promptly got locked out of my account.
I was beginning to think that I was going to have to go through hoops to get back my Hotmail account, but no. Hotmail asked me for my phone number and texted me a secret code. With this secret code, I was taken to a page where I was asked to enter my old password (!!!) and create a new password.
At this point, you would think that I would have been blocked from my account, since all my attempts at entering a password had failed. But no. To my total surprise, entering the password I had in my password list seems to have worked this time. So either I completely mistyped it in my previous tries (which is quite possible), or Hotmail was ignoring the information. I hope it was the former rather than the latter, because if it was the latter, then it would be extremely easy for anyone to steal someone’s Hotmail account.
In the end, I got my Hotmail account back, except that Hotmail has completely wiped the content of my inbox. I guess that’s a good thing?
I am left with one problem, though. I really want to access those security questions and see what I entered that resulted in not being able to answer the question. Except I can’t find them anywhere.
Topics: Security |
October 18th, 2011 at 9:19
I found the security questions, but I can’t see what I entered previously. But I can change the question and answer. So I’m not sure how useful it is to keep the answer private.