Greetings,
The following has come to my attention, thanks to another person who discovered it.
Using the old skype name, for example xxxxx and a password which is *different* than your xxxxx @email.here someone who got access to said OLD password could log in email and skype.
Changing microsoft account password, for example changing password for "xxxxx" @email.here which i was using for logging in into my email or microsoft account, did NOT change the password of just xxxxx (with no @email.here)
So for the same account, there are TWO doors, each with its own password.
I changed password for my account so many times, and i didn't know that someone could still log in with just "xxxxx" and his own password.
someone had access to my skype and email and i didnt know how or why.
changed passwords, reinstalled windows, again he had access and i couldnt figure out why. 2way security doesn't work, changing passwords doesnt work, that security hole still has its own pass.
My first question is: Why are there two ways to log into Microsoft, each with its own password.
2nd question: i hadn't use the old skype name, namely just "xxxxx" as i was logging in skype with *** Email address is removed for privacy *** +my pass.
How was i supposed to know, that even if i changed password 100times, "xxxxx" would still have the same password from 10 years ago.
And last question, how can i disable that access, delete it, and just have one way to log into microsoft, mail and skype etc. *** Email address is removed for privacy *** and not just xxxxx.
how could microsoft leave a security hole like this!
I got a mail stating that someone was changing my security info, i went into my microsoft account and everything was normal.
Luckily i found a person who found what the problem was. So i tried to log in with just "xxxxx" and no emal afterwards, and after changing that password THEN i received a message about my account being compromised! 2 different accounts with their own passwords for my account. but both of them led to my email and my skype
I seriously dont know how a Serious company like Microsoft did something like this. Old skype accounts still have their own pass and their own access. And users like me had no idea. Even if you change password every day, that one never changes.
Sorry if i was a bit "energetic" on this one, i spent a lot of time to figure out what the problem was. And if i didn't solve it, someone would have connected my account to a different email and lock me out after 30 days. And i didnt know why skype was slow,
like it was open on many devices, even after i changed passwords. Luckily the person tried to change emails and i found the "hole".
tl;dr
Old skype name, with no @email.here after the name, still has its own pass and said pass doesnt change when you change your mail or skype password, but it still gives access to them.
*edited for clarification
