laurencei | 2 years ago

When attempting to log in to your Microsoft account, instead of typing your password you can do an optional "one-time password" generation thing from Microsoft. So instead of typing your password + 2FA, they email you a 6-digit "one-time password" that you can use instead.

You can't disable this.

So all Microsoft accounts could have a daily 1 in 1 million chance of being overtaken.

Odds are low - but if you then spam this across thousands of attempts per day - they would statistically "get lucky" from time to time...

firebat45|2 years ago

One would think Microsoft wouldn't be stupid enough to provide endless amounts of one-time codes for a single account. I would guess they provide 5-10 codes before escalating the login.

joezydeco|2 years ago

That makes much more sense, thanks. I'm guilty of using this from time to time as well.