For security purposes only



  • I have a hotmail account kicking around that I use for signing up to things that I don't care about being spammed from (). The account details are totally fictional, and I only ever use that account for throwaway stuff. This week I logged in there for the first time in a couple of weeks to find out that Microsoft wants my cell phone number in order to be able send me a security token in order to protect me in case my account gets hacked. From the look of it this request is mandatory and I won't be able to log into it after this week unless I supply my cell phone number.

    This actually worries me (well worries isn't necessarily the best word) as if I do so, MS now has information about a direct link between my hotmail account and me as a real person, and that I am paranoid enough to think that MS wanting this link is not for MY security, but only to close the loophole of anonymity. Its not that I am doing anything nefarious with the account, but I am pissed at the principle of being forced to provide my identity.

    And when MS spams my account, I flag their emails as being phishing scams - I know its a petty move, but hey .. it amuses me.



  • Do a Saul Goodman and have a whole drawer full of spare phones!



  • If they only use it to deal with if the account gets hacked and not for two factor authentication then mash on your num pad till it's full. Though then the account is lost if they then turn on two factor I suppose.



  • Ha! I have one too. I sign in once a year whether I need to or not. Just did. They dropped all my old mail. No great loss I guess. Like I said, I very rarely even check the damn thing.

    Nothing about wanting my cell number, though.



  • @locallunatic said:

    If they only use it to deal with if the account gets hacked and not for two factor authentication then mash on your num pad till it's full. Though then the account is lost if they then turn on two factor I suppose.
    Sorry if I wasn't clear, but from what I understand I won't be able to log on after this week unless I give them my cell number, they send me a token and I input that back into the website.



  •  If you think they can't already positively connect that account to something that can positively connected to your in real life, then you are TRWTF, because you have absolutely no clue how internet advertising works.



  • @taustin said:

     If you think they can't already positively connect that account to something that can positively connected to your in real life, then you are TRWTF, because you have absolutely no clue how internet advertising works.

    If you think I don't understand internet tracking, then please explain why MS also explicitly wants my cell #. If I can be tracked, then they already know who I am.



  • What's clearly needed here is something like bugmenot, only for cell phones.

    How hard do you reckon it would be to set something like that up on top of Google Voice?


  • Discourse touched me in a no-no place

    @flabdablet said:

    What's clearly needed here is something like bugmenot, only for cell phones.
    google("throwaway sms numbers") seems to give some suggestions...



    How useful/trustworthy they are, I've not a clue.



  • @OzPeter said:

    @taustin said:

     If you think they can't already positively connect that account to something that can positively connected to your in real life, then you are TRWTF, because you have absolutely no clue how internet advertising works.

    If you think I don't understand internet tracking, then please explain why MS also explicitly wants my cell #. If I can be tracked, then they already know who I am.
     

     They want to get it from you to verify their info and block you from sueing 

     



  • @flabdablet said:

    What's clearly needed here is something like bugmenot, only for cell phones.

    How hard do you reckon it would be to set something like that up on top of Google Voice?

    That's actually not a bad idea (using Google Voice, not the bugmenot approach... I'm not sure if that would even be possible using Google Voice; they've disabled access for third-party apps, so I guess now you'd have to interface with their servers via HTTP and screen-scraping if you wanted to try to automate anything).

    When I first signed up, Google Voice couldn't receive messages from or send them to SMS shortcode numbers. They didn't have any SMS/e-mail gateway, either (which was apparently related to shortcode numbers somehow). They've apparently got it working so that shortcode numbers now work, although SMS/e-mail is still not enabled (at least for the general public). Trying to put an e-mail address in the To box just gives an error stating that it's an invalid number.

    So it seems that you'd just need to register a throw-away Gmail account, enable Google Voice, and use the web interface to get your confirmation code whenever you use the number to sign up for anything.



  • Working around Google's Captcha sounds like the only slightly challenging part of automating that; the rest would be just grunt work.



  • @flabdablet said:

    Working around Google's Captcha sounds like the only slightly challenging part of automating that; the rest would be just grunt work.

    Until they get wind of it and decide to change things around, mostly just for the purposes of breaking your non-supported service. They've done it before. Then you have to deal with annoyed and frustrated users who expect you to drop your day job and fix this ASAP.



  • @anotherusername said:

    They've done it before.
    Yeah, Google loves to break shit. Which is why this particular chunk of Big Data cannon fodder eventually found himself dropping Gmail in favour of fastmail.fm, who charge very little and try very hard not to break anything.



  • I had some time to kill and tried to sign into Wordament on my Windows Phone. WP games use two-factor authentication now! It sent me an email, and then a text message, both with codes I had to enter into the game just to sign in.

    Of course, TRWTF is that two-factor authentication still ended up sending everything to my phone, so it would be totally useless at securing my account if my phone was lost or stolen.



  • @OzPeter said:

    @taustin said:

     If you think they can't already positively connect that account to something that can positively connected to your in real life, then you are TRWTF, because you have absolutely no clue how internet advertising works.

    If you think I don't understand internet tracking, then please explain why MS also explicitly wants my cell #. If I can be tracked, then they already know who I am.
     

     If you give it to them volunterily and on purpose, you create a pre-existing business relationship, which means they can make telekareting calls to it (and sell it to others to do the same). Not entirely legal, but a lot closer than it is now.

     



  •  If because they moved from 'Microsoft Points' to wanting to store your payment info; so they have to be more serure with 'Microsoft Accounts'

    my old 'Hotmail Account'  is tied to my phone and windows 8 machines, windows store developer licenses, XBOX Live, etc. etc.



  • @rudraigh said:

    wanting my cell number, though

    I had my mobile on my whois records for many years and never got anyone calling or texting me. I've had the same number for 13 years now. My current registrar just puts their own number in that field now. I guess you have to me more careful these days anyway.

    LOL and I just Googled my number and other than an old listing for my old business (I did PC repairs for a while) I'm apparently a mortgage broker, with the same landline number I used for my business (long since disconnected). I don't know the full context, as the site is down and Google Cache is returning 404.


Log in to reply