top | item 37418931

(no title)

laurencei | 2 years ago

Yeah - and what is crazy is when you think about it - Microsoft generates a 6 digit code.

So it is a "one in a million" to randomly guess what the code is on any given login.

But it is "one in a million" for each Microsoft account you know about - and if they have millions of email addresses, and automate it each day (I also get attempts 1-2 times per day).

Yes - the odds are small - but there is a greater than 0% chance someone can randomly get into your Microsoft account - and there is no way to stop it - even with 2FA etc - this bypasses all of that!!!

Crazy...

joezydeco|2 years ago

I'm a little confused. Does the code get generated on any attempt to log in, or only those that have the password and MFA is activated? Or when someone attempts password recovery?

Because I'm a bit concerned if Microsoft passwords are leaking.

laurencei|2 years ago

When attempting to log in to your Microsoft account, instead of typing your password you can do an optional "one time password" generation thing from Microsoft. So instead of typing your password + 2FA - they email you a 6-digit "one time password" that you can use instead.

You can't disable this.

So all Microsoft accounts could have a daily 1 in 1 million chance of being overtaken.

Odds are low - but if you then spam this across thousands of attempts per day - they would statistically "get lucky" from time to time...

nitwit005|2 years ago

If you have 500 million accounts you know of, you'd be breaking into around 500-1000 a day.

I suppose that's a decent rate, but it feels like most Microsoft accounts will just have something like Office or Minecraft set up.