Win 10 MS account lost password, computer won't get past the login

I do not want to say how many of these turned into a Fabs backup and a nuke to get people to write things down for the future.
People toss phone numbers and many never can access the email any longer.

All mistakes that a Fabs backup and nuke will, one hopes, get those who had to suffer even that limited pain to not repeat the listed mistakes again. And all of those things are mistakes.

And, if they do, well, you can lead a horse to water . . .
 
Windows 11 isn't the trigger here... Windows 11 is doing EXACTLY THE SAME THING that Windows 10 did. The only change to Windows 11 is the Home edition of Windows 11 will not allow you to continue to the end of the initial setup wizard without a Microsoft account, even when offline.

Windows 10 long ago armed this bomb... if the device had EFI, secure boot, and a TPM module the bomb was armed. As soon as Windows 10 saw a Microsoft Account, the bomb would go off and Device Encryption would be deployed.

Windows 11 continues this behavior, and saying that device encryption will not concern you except in cases of Windows 11 is foolish. ANY DEVICE generation 8 or younger is very likely to be in this category. There is a reason Microsoft chose that as the dividing line for Windows 11.

So, if the device is Windows 11 COMPATIBLE, and running Windows 10, this exact same situation can unfold.

It is time for all of us to update our brains, and be ready to tell people it's over. Because that's what this all is, if you've lost access to your own account your data just went with it. Should have had a backup, sorry not sorry. It's 2021, and you've been using terrible habits for decades, now Microsoft has created a crucible upon which those bad habits will die. Am I sad about it? No, not even a little bit.
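An added example, not part of the original post: a PowerShell check, run from an elevated prompt, of the conditions the post lists (UEFI Secure Boot, a TPM, a Microsoft account) and of whether the system volume is encrypted and carries a recovery password protector. It assumes the BitLocker and LocalAccounts modules are available on the edition being checked.

```powershell
# Added example: run in an elevated PowerShell session on the machine being checked.
# Reports the preconditions named in the post and the current encryption state.
$report = [ordered]@{}

# UEFI + Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS systems.
try   { $report.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $report.SecureBoot = $false }

# TPM present and ready for use.
$tpm = Get-Tpm
$report.TpmReady = $tpm.TpmPresent -and $tpm.TpmReady

# Any enabled local profile that is backed by a Microsoft account.
$report.MicrosoftAccount = [bool](Get-LocalUser |
    Where-Object { $_.Enabled -and $_.PrincipalSource -eq 'MicrosoftAccount' })

# Encryption state of the OS volume.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$report.VolumeStatus     = $vol.VolumeStatus
$report.ProtectionStatus = $vol.ProtectionStatus

# Recovery password protectors: the 48-digit key needed if sign-in is lost.
$recovery = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
$report.RecoveryProtectors = $recovery.Count

[pscustomobject]$report | Format-List

if ($vol.VolumeStatus -ne 'FullyDecrypted' -and $recovery.Count -eq 0) {
    Write-Warning 'Volume is encrypted but has no recovery password protector.'
} elseif ($recovery.Count -gt 0) {
    # Show only the protector IDs so the owner can match them to the key on record.
    $recovery | Select-Object KeyProtectorId | Format-Table
    Write-Warning 'Confirm the owner holds the recovery key for each ID above, stored off this machine.'
}
```

Running this while the owner can still sign in is the point: the recovery key can be recorded and a backup taken before the account is ever lost.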
 
the issue at hand is not the result of anything other than someone losing or forgetting their password

This is absolute BS and you know it. There's no need to encrypt everybody's data. The ONLY reason why Microsoft does it is in order to coerce people into buying a cloud backup subscription. If you asked people if they wanted to encrypt their drive during initial setup 99.9999999% would say NO if they understood what it meant and that it meant that they would lose their data if they ever forget their password and couldn't log in to their account.

NO TIME in the entire history of people using computers was drive encryption forced upon us by Microsoft, nor was it necessary (it still isn't). If you're constantly traveling for business and have important business and financial documents on your computer then by all means, encrypt it using third party software. But that's like 0.0000001% of people. The VAST majority of people don't need encryption. Microsoft is doing this because of their insatiable greed, NOT to do their users any favors. The chances of you needing to get your data off of a computer that won't boot is 100,000x more likely than you:

1. Actually losing your computer in the first place

PLUS

2. The idiot who steals it not just being some moron criminal who won't even know how to get past the Windows login screen

PLUS

3. Them actually wanting your data. They're after the hardware, not the software.

PLUS

4. Them actually stealing your phone too so they have access to your 2FA accounts

PLUS

5. Them actually being able to get past the password on your phone

PLUS

6. Them actually being able to get access to the 2FA app on your phone (these usually have a passcode of their own)

I mean, give me a fricking break. Microsoft pretending to encrypt everyone's device for "security" reasons is absolutely ludicrous. Unless you're actually being targeted (like a traveling high level executive or something), no one is going to go through that much trouble. And the people who SHOULD have encryption have much better third party solutions than BitLocker.
 
There's no need to encrypt everybody's data.

You'll get no argument from me on that. I've said it, on multiple occasions.

That being said, it's not an issue if:

1. You are responsible about maintaining your passwords for reference when needed.

2. You are actually taking regular, cyclic backups of your machine. I really have no sympathy anymore for those who don't and who lose everything. We're long past time when this should be considered standard operating procedure.

It really is not up to me to be able to fix every issue that comes up because someone made a bone-headed decision. And heaven knows that the old saying, "Once burned, twice shy," is sadly sometimes what's necessary for those who won't listen to advice from the pros.

The fact is that this particular incident would have been entirely prevented had the user kept track of their password(s). The problem still boils down to end-user error that could have and should have never occurred. My sympathy is absent, and will stay that way.
 
@britechguy I'm sorry but the vast majority of people can't remember passwords. When most people can't do something, it's the system that's at fault, not the people. This is why passwords need to go. The answer isn't password managers and 2FA because all that does is add complexity to something that most people already can't do.

We're long past time when this should be considered standard operating procedure.

I would agree with you if Microsoft had something like Time Machine for Windows, but as it is now, 99% of regular computer users aren't able to reliably back up their computer thanks to the horrible options in Windows. Even the software that comes from major external hard drive companies like Seagate and WD sucks royally. The best option for most people is the easiest cloud backup solution available, which is Backblaze. I just wish they did image backups rather than just file backups. Of course, there are much better solutions for businesses like N-able managed backup, but most residential clients aren't going to pay for that.

You can't expect people to back up their computer when you don't give them the tools to do it. Third party backup solutions are complicated, confusing, and ineffective. File History is a dumpster fire. Most cloud backup solutions suck too. Besides all that, people have to be able to remember their password to their accounts in order to have access to restore their backups! The last time they logged in was what...3-5+ years ago? Of course they're not going to remember their password! What people really need to do is pay for managed cloud backup, which is what I offer even my residential clients, but it's unreasonable to expect everyone to pay for this just because Microsoft insists on tying their computer to a Microsoft account and encrypting their drive so they can't get their data off if their computer won't boot.

I'm able to recover a client's files over 99% of the time even when they have failing/damaged drives. It's very rare that I have to restore from a backup because I can get the data off their original drive 99% of the time. That being said, this drive encryption BS is great for my business. I can sell cloud backup solutions much easier now, and I can charge out the ying-yang for recovering data from their encrypted drives. Still, it's not right. Microsoft shouldn't be doing this, and telling people "just back up" isn't helpful. The sad truth is, the backup solutions available suck so badly that the only way for a residential client to be able to reliably back up their system is by purchasing managed cloud backup from me. They can use OneDrive but if they store their data outside of the Desktop/Documents/Downloads folder or if they get hit with ransomware, they won't be able to recover their data when their computer no longer boots.

The difference now is, backup didn't use to be as important because I could recover the data from their non-bootable computer 99% of the time. Backup used to be a "just in case" thing, but now you're basically guaranteed to lose your data if you don't back up. And the worst part is, there's no reason for it other than Microsoft's greed.
 
I'm sorry but the vast majority of people can't remember passwords.

No. Most people don't remember passwords. There's a difference. We have spent years making it such that users do not need to routinely use passwords, thus cutting off the ability to memorize them. We see the same thing these days with regard to phone numbers, too. There was a time when most people kept quite a few phone numbers in their heads so that they could dial them from anywhere. The advent of phones with contacts functionality has killed that off, too. (And I'm someone who used to have a slew of phone numbers in my head and I just don't anymore because I don't need to.)

We should not, ever, have encouraged people to be able to not form firm memory of "the keys to their cyber kingdom."

And a bigger load of BS than, "PC users don't have good backup options that are easy to use," has never been uttered. There's a glut of excellent options. Use any freakin' one of them. Microsoft isn't about to reinvent wheels that are out there in abundance, nor should they. Hence the reason they've recommended using the third-party solution of your choosing for a long time now.
 
All this arguing over passwords... meanwhile the entire point of modern auth is to eliminate the use of the password entirely.

And a ton of hand wringing over the fact that all the "magic" of "saving data" from a "failing machine", is now gone because you'll have backups, or you'll have nothing. Just like virus removals I say... GOOD RIDDANCE.
 
meanwhile the entire point of modern auth is to eliminate the use of the password entirely.

Which I still predict is going to fail, miserably, over time.

There have been, and will be, all kinds of "new and improved" security schemes that don't stand the test of time.

Biometrics are far more likely to gain acceptance by the populace at large over time, and there will always be some who will not, for any reason, consent to that method, either.
 
Biometrics cannot be changed, and are therefore only useful as a second factor. Which incidentally, is EXACTLY how they're used in properly secured environments.

It must be something you have, and something you know. The something you have, is the authenticator, the something you know is the unlock code on your phone. The password is the unlock code on your phone, which as something that's used frequently, isn't easily forgotten.

It's been this way for decades in government high secure environments, your prediction in this case is dead wrong. This tech is long proven, and is EASIER for end users while also being more secure. But honestly for home users that bit is almost an afterthought.
 
Honestly for most end users having a password on a desktop PC is unneeded. A laptop is a different story as that is easily accidentally misplaced or left briefly unattended. You go up to get your Cafe Americano and come back to find your laptop gone.
 
You go up to get your Cafe Americano and come back to find your laptop gone.

And even that, in reality, is quite rare.

Things like GPS units, cell phones, and laptop computers all had their times as "ooooh, shiny," new, and high-theft items. As each has become old and almost ubiquitous, the desirability for theft has dropped considerably.

I see cell phones and laptops left unattended at coffee shops (as but one example) quite frequently these days. There was a time where that would have been inconceivable, as you'd be almost certain one, the other, or both would be gone when you returned from the restroom.

It's not that theft never happens, but it's not the virtual inevitable outcome that it once was.
 
It's been this way for decades in government high secure environments, your prediction in this case is dead wrong.

So, niche markets (and if ever there was one, that's it) aren't relevant to the broader market. That's been demonstrated repeatedly.

If that weren't the case, we all should be seeing Linux everywhere by now. It's taken the IT world, particularly data centers, by storm. The probability that it's going to do the same in the broad PC market is so close to zero as to be zero.

Tool to task. And tool is only generally useful if generally accepted.
 
And even that, in reality, is quite rare.

Things like GPS units, cell phones, and laptop computers all had their times as "ooooh, shiny," new, and high-theft items. As each has become old and almost ubiquitous, the desirability for theft has dropped considerably.

I see cell phones and laptops left unattended at coffee shops (as but one example) quite frequently these days. There was a time where that would have been inconceivable, as you'd be almost certain one, the other, or both would be gone when you returned from the restroom.

It's not that theft never happens, but it's not the virtual inevitable outcome that it once was.

That is more of a reflection of where you live than the device IMO. Though cell phones are finally locked down so that stealing them isn't worth it. The thief will have a brick at least on Android. Android devices for example can only be properly factory reset from within the OS. If you reset the phone from the recovery bootloader it will prompt you for your Google account before you can continue. Not sure if you can DFU an iPhone if it is not registered to YOUR iTunes account.

While BitLocker does much the same for the data, a skilled person can nuke the system and have a useful stolen device ready to sell.
 
Honestly for most end users having a password on a desktop PC is unneeded.

And I'd say the same is true for a non-mobile laptop. A lot of people these days don't ever carry a laptop anywhere.

In my work with individuals who are blind or visually impaired, almost all of them ask for their login to their PCs to be set up with no password or other security requirement. These machines sit at home, in a location that they can and do physically secure (even if that's via their front door). I still try to discourage that, because of both the practice and memory factors. Invariably, at some point, they need to know that password and it would be really handy for it to be etched into memory - both literal and muscle.

It's funny, but there's one gentleman on one of the blind-technology-centric groups I'm on who has the following for his signature, and while it's meant to be humorous, there's a huge grain of truth in it for a massive number of users (including myself, on particular days when fat-fingering is the norm):

Just once, I want a username and password prompt to say: "Close Enough!"
 
Honestly for most end users having a password on a desktop PC is unneeded. A laptop is a different story as that is easily accidentally misplaced or left briefly unattended. You go up to get your Cafe Americano and come back to find your laptop gone.

You are absolutely correct, the key here is MS also driving a separate set of cloud features that unify the desktop and the laptop such that they can be used as the same machine.

That cloud storage is the "backup" in terms of protection from the potential fallout from the encryption issue. So as far as they're concerned all bases are covered.

I don't like the idea of encrypting everything either, but I do like the idea of everything being standardized. One set of rules for the end user to learn is better than many after all. We deal with nuance in this space because we're us, they will not, and aren't equipped to do so anyway.
 