Hacker News new | comments | ask | show | jobs | submit login
I am locked out of my PC because of Windows 8 Login catch-22
62 points by ionwake on Sept 22, 2014 | hide | past | web | favorite | 45 comments
I wanted to use my calendar in Windows Metro. No biggie right? Wrong.

I get forced to create a "microsoft account", I have to come with a random email address, which I do, followed by a password, equally as long and random. I do. It asks me for my phone, I say no thanks later.

I reboot my PC.

My login has suddenly changed. It displays the email address I just used to setup my calendar. My password doesn't work.

Panic.

I try again, now it has done a remote server checked, determined I have had too many tries and asks me to use an ONLINE recovery sysem OR Enter in my last password.

There was no last password, it is a brand new top of the range laptop. Ofcourse it wont let me enter in no password.

I go online with my 2nd laptop, I click on password recovery.

It asks me for "subjects" and "emails in my sent folder" to verify my ID.

I have none, it is a brand new account.

I just received this in the mail. Notice it is 'unmonitored' and there is are contact details for me to get ahold of someone, seeing as this is apparently all automated.

"Microsoft Account - Unmonitored Automated Email <unmonitored@microsoft.com> 16:06 (11 minutes ago)

We recently received a request to recover your Microsoft account @outlook.com. Unfortunately, our automated system has determined that the information you provided was not sufficient for us to validate your account ownership. Microsoft takes the security and privacy of our customers very seriously, and our commitment to protecting your personal information requires that we take the utmost care in ensuring that you are the account owner."

I no longer have a computer I can use, which my professional life depends on, I might even get fired over not being to use my computer today.

Please let me make this clear - there was no indication at any point the password for my MACHINE was going to be reset to be this new password I was using for an "Outlook" email address I was prompted to create when trying to use the Calendar application, which is why I naturally did not spend time memorizing these details.

WTF microsoft. All this, without warning, because I wanted to try and sync my calendar.

UPDATE - Please if there is ANYONE at Microsoft who can help me access my machine please contact me, I am ofcourse using the same IP address as I did when I signed up for the account, and remember just about all of the credentials I used when signing up. ( I dont remember the password perfectly obviously).

Update 2: RECEIVED 2ND REJECTION Microsoft Account - Unmonitored Automated Email <unmonitored@microsoft.com> 16:15 (20 minutes ago) to me We recently received a request to recover your Microsoft account *@outlook.com. Unfortunately, our automated system has determined that the information you provided was not sufficient for us to validate your account ownership. Microsoft takes the security and privacy of our customers very seriously, and our commitment to protecting your personal information requires that we take the utmost care in ensuring that you are the account owner.




There is the trick to boot from another media, rename utilman.exe (in system32) to something else, copy cmd.exe to utilman.exe. Reboot to original installation, then Win-U will open a command prompt. use net user username password /add then net localgroup administrators username /add to create a new local account. Don't forget to rename your backup of utilman.exe back afterwards. You may have to take ownership then change permissions in order to do so.


When my father died last year, I came into possession of his laptop, which was secured by s MS account. While the hack you are talking about allowed me to create a second admin account and recover files, it would not allow me to reset his personal Microsoft account password.


My advice: Boot a linux live distro (like Knoppix or systemrescue cd), move your data to an external harddrive.

Reinstall OS (factory reset?) and learn :)


+1 for Knoppix used it to recover some design plans from a coworkers computer. The hdd was doing "the click of death" and Knoppix was still able to recover 90% of the data and 100% of the important stuff. Needless to say his backups are now in triplicates.


Thank you, this is a great idea, I just wonder if I will lose all of my registry settings.


You may be able to role back to a registry before the offending change.

I did this once when an AVG update borked my system before a vacation: Got back, could not boot. Googling confirmed a significant AVG bug, repaired within hours of my applying the update.

Booted Knoppix, found a registry file dated just before the update (Windows at the time saved the last handful - this was XP several years ago), deleted the more recent ones, may have done some renaming, rebooted whilst holding my breath.

All was well.

Linux, the ultimate Windows recovery tool.


If it's 'brand new', there shouldn't be too much disparity between the recovery and your current state.


There are reg dump tools on Linux. It will make a huge text file which you can dig through. On Windows I regularly dump HKCU for just such an occasion


I think that is a given (i.e. yes!)


Is it common for people to create accounts without noting the credentials? I'm not saying MS is without fault here, but I would think one would at least note the details long enough to get what one needs.


I am unsure if it is common, but it could be, for access to a specific app. Until today I was unaware I would be using an outlook email account to log onto my windows PC, and I am in the industry.

I accept responsibility for not writing down the creds, but the protocol of throwaway account creation for access to small tools and sites I believe is ingrained in a large percentage of internet users. I could be wrong.

I personally will spend more time taking care of new credentials now I have seen how they can be quickly linked to other aspects of my devices.


It depends what the account is!

I'm a bit scared about all my accounts. I do mot currently understand which account depends on what bit of information.

That leaves me vulnerable. For example, if this phone dies and Google starts asking me for a password and 2FA I have no idea what I'd do.

I have several pieces of hardware that I use to login across a wide range of accounts. I guess I need to print out a list of passwords and 2FA codes and set two phones as backup IDs.

I really wish someone would just fix authentication. :-/


Go print a set of backup codes for google! It'll be 10 9-digit numbers, use them when you lose your phone.


Since it's a brand new laptop, just reinstall Windows? There's probably a restore partition that you can boot into which will do that.


This is what I was going to suggest. There is an advanced boot option to restore back to factory default, assuming the computer came with Windows 8 pre-installed.


I am going to have to do this , the annoyance is I just spent the weekend installing my IDE and DBs = ( The amount of time I have spent setting up the machine, over two days, if I count it as "work time" which I won't, would add up to approximately half the price of the laptop itself.


This is a good advertisement for Puppet as a configuration engine. Set up a box, get it talking to the puppetmaster, tell the puppetmaster you've got a dev box (which implies all that IDE and DB stuff) sit back and wait and it just works.


Similar issues with xbox. The stupid crap Microsoft makes you jump through to recover an account that is only set up to make on of their pieces of software or hardware work is insane. It took me two days to get access back to my account so I could unlock a game for my 7 year old on his xbox. Microsoft's security requirements are garbage.


You'll have similar problems with Apple and Google.


Who is your employer, that they would fire you because one of your (apparently) two usable computers is out of commission for a day?

I don't know the specifics of your situation so I could be wrong, but unless your employer has actually said "I will fire you if you ever have computer issues, grr!", your job is probably not in jeopardy. Shit happens, employers understand.

(If in fact your employer is enough of a dick to fire you over this, then, ouch… good luck!)


If you press escape on the login screen do you still have the option to login with your old account, or has it changed the name and password on your existing profile?


Nothing happens when I press escape. I have the same thumbnail and name, but now I see the new outlook email address under it.


Damn. I'd recommend offline backup and re-install, or try NTPasswd (http://pogostick.net/~pnh/ntpasswd/) to reset and enable the Administrator account, then password reset your account from there.

It will almost certainly break the MS account sync, and I'm not sure what state your account will be in with regards to online services etc, but it should at least allow you to access your account on the PC.


I was wary of the whole e-mail thing... It does state at some point in tiny letters or some such that it is changing your system credentials to the e-mail/pw combo, so I decided it was best to not set it up (I don't want to type an e-mail, I might not even want credentials).

Unfortunately I have no useful advice for you, I can only say that you have my sympathies


Thanks man


You should try buying from their store in a country with only 1 IP. You're required to have a MS account, but you can't create an account because the IP has "too many" accounts created on it.

I contacted Support who told me to go do it on a public wifi.

What? Firstly, one country, one IP.

Secondly, you want me to submit my credit card details over wifi?

WTF.


UPDATE 3 :

I H A V E A C C E S S

THANK YOU TO EVERYONE FOR YOUR HELP

JUST A REMINDER - Microsoft if one of my all time favorite companies, and slips like these happen in protocols and large organisations, I hope I was able to highlight the problem and hopefully it will be fixed soon.

Thanks again everyone!!!


Congratulations! What worked? I put everything into LastPass, even if manual entry needed, and a history of changes into notes. This has saved me more than once from unexpected situations.


Having been the victim of several hacks I am paranoid to the extent I never keep my passes together, or online. but yes manually recording it somewhere would have been wise.

Better yet coming up with a good protocol myself for password generation!

I solved it by a combination of rebooting the PC to stop the "You have tried too many times" catch and then essentially guessing different permutations from would I thought it was. Eventually I cracked my own pass = )

Funnily enough I type so fast I had to go through this process 2 times before successfully resetting it


I had a very similar problem with Skype (also now a Microsoft company).

I had been using this Skype account for years. Suddenly one day out of the blue my account was suspended and I was asked to recover it, no biggy I thought, since I had access to the email account AND didn't set it up with gibberish (i.e. real name, real address, etc).

Here is what Skype asked for (with remarks):

      - Contact email (easy)    
      - Account Creation year (who knows this?!)    
      - Country of registration (easy)    
      - Payment history (huge problem, discussed below)    
      - Skype 3 contacts (buggy, needs the Skype usernames, not "friendly" names)   
On the face of it this seems "easy." Except it is super buggy/finicky and Skype's support has zero alternatives. In fact they told me to register a new Skype account if I couldn't complete the form(!). They even sent that reply to my registered email address.

The main issue I had with the above form was, Account Creation Year (I didn't know it!), Skype contacts (it needs either Skype name (e.g. BSmith123) or email address, NOT profile names/friendly names e.g. "Bob Smith").

Payment history is just horrifyingly terrible. I tried my current credit card (nope), current debit card (nope), old debit card (nope), and even somehow tracked down my long since cancelled old credit card (nope). I also tried other with a comment (nope).

After being without access to my Skype account for several weeks, I tried setting my Payment History to "Never paid for Skype" even though I actually had (many many times)! Worked. After logging in I had an expired credit card on the account (one of the ones I tried several times).

In order to finally gain access to an account I lost access to for reasons I still don't understand, I had to:

      - Search through several boxes looking for old cards    
      - Pull down a backup of my Skype profile and extract Skype profile names for my contacts using an SQLite tool     
      - Search tons of historic emails for my creation date (never did find it)   
      - Contact support half a dozen times (they were utterly unhelpful).


I had almost exactly this issue with Skype earlier this year - they locked my account from using credit, meaning that although I can still log in and make free Skype-to-Skype calls, I still have $10 of Skype credit that it prevents me from using (as I got locked out soon after an auto topup). From what I could tell, my account was compromised for a week, and there were several spurious messages being sent from it, until I finally realised and changed the account password. I emailed customer support several times to unlock it, and provided a whole host of legacy data about the account (which had been set up back in 2005) and how it had been used over that time, but none of it helped them to confirm my identity. Out of frustration, I wrote to them to get them to point out exactly where it said that they could take this type action. They couldn't give me a clear answer, and like the above poster, they suggested I just create a new account. Here's the (almost kafkaesque) replies I received from them:

  > Hello,
  >
  > I understand that your concern. Please see all the 
  > answers to the following questions. 
  > 
  > 1. To have this issue escalated to a senior manager.
  >
  > Please be informed that this case has already been 
  > investigated by the higher department and the result 
  > is that the account should be remain restricted.
  >
  > 2. To have it pointed out where in the Terms and 
  > Conditions it says that you're unable to tell me 
  > the underlying reason for the restriction.
  >
  > I am sorry but we cannot disclose the specific reason 
  > why the account is suspended. You may just refer to 
  > Terms of Use number 11. 
  > 
  > 3. To have it pointed out where in the Terms and 
  > Conditions it says that you're unable to refund me 
  > the money on my account. OR to have the $10 credit 
  > on the account refunded to my Paypal account.
  > 
  > Kindly review Terms of Use number 10.6. 
  > 
  > 4. To have all my payment methods removed from the 
  > account, to avoid the potential for abuse.
  >
  > I would like to apologize but we no longer have the
  > option to make changes on the account since it has
  > already been suspended due to this kind of concern.
  >
  >5. To have the account completely shut down, not just 
  > restricted. (OR to have it pointed out in where in 
  > the Terms and Conditions it says you're unable to do this.)
  >
  > It is already our internal rule that we cannot make 
  > any changes on the account like cancelling the 
  > account once it has been suspended or restricted. 
  >
  > I hope that I was able to answer all your inquiry and 
  > I would like to apologize if we can no longer assist 
  > you further regarding your concern.
  >
  > Best regards,
  >
  > Diana B.
  > Skype Customer Service
====

  > Hello,
  > 
  > I am sorry to know that your account has been restricted. 
  > I understand how important it is to recover your account.
  > However, your account has been detected that there are 
  > some activities which are contrary to Skype's Terms and
  > Conditions have taken place via your Skype account.
  > 
  > Following our investigation, we are unable to reinstate
  > your account. Please understand that we are unable to
  > explain the specific reason for restricting your account
  > and this account needs to be remain restricted.
  >
  > However, you are always welcome to create new account
  > to continuously enjoy the free services and features
  > from Skype.
  >
  > Best regards,
  >
  > Diana B.
  > Skype Customer Service

To add insult to injury, I notified Paypal (which I used for the auto topup payments) to reverse the charge, owing to misconduct by Microsoft in refusing to unlock the account. After a week in which they did "their own investigation", where they didn't even contact me for any corroborary info, they refused to issue a refund. All I got was this 2-line reply:

  > We have concluded our investigation into this case. Unfortunately, at this
  > time we are unable to decide this claim in your favor.
Made me think that they're secretly in cahoots with Microsoft. I was pretty livid about the whole experience, and it's seriously damaged my trust in Microsoft services.


I've been caught in this catch-22 due to my hotmail account getting hacked a while back, but it's not tied to my Windows login -- just everything else to do with Microsoft. I guess I'll actually have to get it squared away soon, because it's taken down my Twitter account (minus one OAuth-authorized app that I can still use) and will soon take down Dreamspark, as well. :( Terrible system! I only ever used my hotmail account for MSN, so I can't answer any of their e-mail-related questions.


I am having the same problem! I have been trying for several days to sign in to outlook to retrieve my email w/o success.They keep asking for my code to protect my security which they say they will send me one by phone..I've yet to receive it. After several attempts this a.m. was told too many attempts to obtain code and to try again in a week. What am I doing wrong? Fortunately I can retrieve email and f.b. on my kindle. I am not a computer guru so very frustrated!


If you get past this you can disable using your outlook account in lieu of one actually on your PC. I found the default to be incredibly annoying having to type in the stuff 1password generated.

http://www.techrepublic.com/blog/windows-and-office/quick-ti...


Well, for future reference, it is still possible to create a local-only account with Windows 8. The process is made intentionally obscure and cumbersome. However, I always do this, and don't have my login account tied to Microsoft.


Is there a Microsoft store that you can visit with this laptop? I have heard they provide free tech support even to computers not purchased in store.


Unfortunately no stores in UK



Call their technical support.


There is no number!


Sure there is: 1 (800) 642-7676 should be their CS line


+1 425 882 8080


Line dead =[


lol


"which my professional life depends on"

windows isn't ready for the enterprise




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: