Beyond3D Forum

Scott_Arm · 20-Jun-2012, 18:25

Today I went to the Windows Live Hotmail site and logged in. The first thing it asked me to do was change my password. I changed it, because it was the only way I could log in. I'm not sure why it asked me to do that. I didn't request a password change. This wasn't one of those fishing emails that takes you to a fake link asking you to change your login. I opened my browser and typed in the address manually, and after logging in it asked me to change. Seems very strange. I logged into my Xbox Live account, and there wasn't any activity on it in my account history. I've never had a hotmail password expire before, and I log in regularly. Should I be worried?

Richard · 20-Jun-2012, 21:47

Was your old password weak in some way?

Davros · 20-Jun-2012, 22:17

Quote:

Originally Posted by Scott_Arm

I opened my browser and typed in the address manually,

you could still be victim of a dns spoof

just to put you mind at rest (probably not needed) go to
http://65.55.206.154 and change your pwd

Scott_Arm · 21-Jun-2012, 01:45

Quote:

Originally Posted by Richard

Was your old password weak in some way?

I don't think so. I went and changed a bunch of account passwords I had associated with that email just in case.

Dave Baumann · 21-Jun-2012, 04:01

Same here. They are beefing up the security - it now text meesages me of any account changes as well as allowing you to register computers as trusted.

Scott_Arm · 21-Jun-2012, 16:00

Well, that's good. It would have been nice if it had explained why it was asking me for a new password. The first thing that went through my mind was that someone had requested a password reset on my account. Obviously the password wasn't changed, so I felt pretty safe, but it was still weird.

UniversalTruth · 26-Jun-2012, 20:54

What happens with these email clients is beyond me and it is so ridiculously annoying.

I have an account in the US aol.com.

Earlier today I signed in and what did my eyes see? A warning email that something suspicious had happened and there was a possibility that my accound would be blocked if I didn't sign in normally with my password. So far, so good. I had no problems signing in.

But... something forced me to change my password. Ok, I went to those settings, it even asked me for my social security number

but everything looked good- I changed it and even prior to signing out, I saw a confirmation email in my incoming box for the reset password.

And then the nighmare began.
I decided to check if everything was all right. Typed my username and my new password and a suprise- mismatch- this is wrong. I tried few times and at the end a screen with prompting to reset my password appeared.

WTH? I did it again and nothing happened- again with the new password- mismatch.

I tried several times and in the end ii said- "due to suspicious activity we are blocking the access to this username".

So, what the hell happens. I can tell you that few months ago I had a scary moment again- typing few times my password didin't let me in, and in the end something happened out of nowhere and I had a success.

Richard · 26-Jun-2012, 21:22

Quote:

Originally Posted by Scott_Arm

The first thing that went through my mind was that someone had requested a password reset on my account. Obviously the password wasn't changed, so I felt pretty safe, but it was still weird.

BTW, it's never automatic. I have a *very* common @live.com account I was able to register when Microsoft opened the sunrise period and I get hundreds of spam email per day there (I've never used the account for anything). Every week I also receive a handful of account password reset notifications from Hotmail where people either through ignorance or malice try to reset that account's password. You have to accept the reset though; you don't even have to click the "cancel password reset request" link, it will timeout after a few hours/days.

So either they identified a weakness in your old password or your password (or rather same hash) was in one of the many leaked password dumps from all the database breaches that have happened in the last two years or so.

Scott_Arm · 26-Jun-2012, 21:27

Quote:

Originally Posted by Richard

BTW, it's never automatic. I have a *very* common @live.com account I was able to register when Microsoft opened the sunrise period and I get hundreds of spam email per day there (I've never used the account for anything). Every week I also receive a handful of account password reset notifications from Hotmail where people either through ignorance or malice try to reset that account's password. You have to accept the reset though; you don't even have to click the "cancel password reset request" link, it will timeout after a few hours/days.

So either they identified a weakness in your old password or your password (or rather same hash) was in one of the many leaked password dumps from all the database breaches that have happened in the last two years or so.

Thanks for ruining my day, Richard. Now I feel badly about the Internet. Stupid Internet.

20-Jun-2012, 18:25	#1
Scott_Arm Regular Join Date: Jun 2004 Posts: 6,793	Hotmail asked me to change my password Today I went to the Windows Live Hotmail site and logged in. The first thing it asked me to do was change my password. I changed it, because it was the only way I could log in. I'm not sure why it asked me to do that. I didn't request a password change. This wasn't one of those fishing emails that takes you to a fake link asking you to change your login. I opened my browser and typed in the address manually, and after logging in it asked me to change. Seems very strange. I logged into my Xbox Live account, and there wasn't any activity on it in my account history. I've never had a hotmail password expire before, and I log in regularly. Should I be worried?

20-Jun-2012, 21:47	#2
Richard Mord's imaginary friend Join Date: Jan 2004 Location: PT, EU Posts: 3,506	Was your old password weak in some way? __________________ The optimist proclaims that we live in the best of all possible worlds, and the pessimist fears this is true. - James Branch Cabell

21-Jun-2012, 04:01	#5
Dave Baumann Gamerscore Wh... Join Date: Jan 2002 Posts: 12,946	Same here. They are beefing up the security - it now text meesages me of any account changes as well as allowing you to register computers as trusted. __________________ Expand. Accelerate. Dominate. Tweet Tweet!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

21-Jun-2012, 16:00	#6
Scott_Arm Regular Join Date: Jun 2004 Posts: 6,793	Well, that's good. It would have been nice if it had explained why it was asking me for a new password. The first thing that went through my mind was that someone had requested a password reset on my account. Obviously the password wasn't changed, so I felt pretty safe, but it was still weird.

26-Jun-2012, 20:54	#7
UniversalTruth Member Join Date: Sep 2010 Posts: 998	What happens with these email clients is beyond me and it is so ridiculously annoying. I have an account in the US aol.com. Earlier today I signed in and what did my eyes see? A warning email that something suspicious had happened and there was a possibility that my accound would be blocked if I didn't sign in normally with my password. So far, so good. I had no problems signing in. But... something forced me to change my password. Ok, I went to those settings, it even asked me for my social security number but everything looked good- I changed it and even prior to signing out, I saw a confirmation email in my incoming box for the reset password. And then the nighmare began. I decided to check if everything was all right. Typed my username and my new password and a suprise- mismatch- this is wrong. I tried few times and at the end a screen with prompting to reset my password appeared. WTH? I did it again and nothing happened- again with the new password- mismatch. I tried several times and in the end ii said- "due to suspicious activity we are blocking the access to this username". So, what the hell happens. I can tell you that few months ago I had a scary moment again- typing few times my password didin't let me in, and in the end something happened out of nowhere and I had a success.

Beyond3D Forum

Welcome, Unregistered.