Wednesday, April 22, 2015

Open letter to Microsoft, mad about hotmail security


This rant at Microsoft has nothing to do with the general theme of this blog.  Yet I feel compelled to give this rant an open and long-term exposure.

What idiot is in charge over there this week?  The only reason I chose hotmail many years ago was the ease of access.  And the inverse of access is security.  I want minimal requirements and security and maximum ease of access.  And for many years that is what hotmail provided.  And now just because I didn't log out of hotmail before I left for work... or maybe it's because of the stupid new version of Office (that is tied to my hotmail account) which my wife might be using at home... your security locked me out of my account.  Office365 would explain why I'm not having trouble with my other hotmail account (yet).

Am I going to have a problem every time I effect a contemporaneous login?  Is this because some retard decided to tie Office365 to Microsoft online accounts and then realized 'Ooops, now people can share our overpriced latest/worst Office software instead of buying it?"   Did you guys really fuck up the webmail of thousands of loyal Office and Live.com customers in one retarded move?  Please relay my sardonic thanks to Steve Ballmer, good riddance.  Don't even get me started on Win8/8.1... there's never been a better reason to switch to Linux or even totalitarian Apple.

I want my old six digit, all numeric password back.  Don't lecture me on how it's not secure.  Don't tell me it's for my own good. Hypocrisy.   You won't even accept a 16-place all lower-case password which is astronomically more secure than an 8-place alphanumeric.  If Microsoft email security can't detect brute force crack attempts you should be ashamed.  And none of this protects me from saved passwords complicated further by remote access, whether legitimate or nefarious.  "Saved passwords, you say?"  Most browsers including Microsoft's decent (as of the time of this writing) Internet Explorer and *tada!* Windows operating system allow for the saving of passwords on web pages including live.com (hotmail).  It is not in the user's best interest to allow them to save their passwords but Microsoft is encouraging it, basically recommending it.  If a password is easy to remember and easy to enter there's no reason to save it.  So which is less secure, the Microsoft way of saving your one's password on PC, laptop, tablet, phone.. or manually entering a simple password upon access?  The Microsoft security requirements are bogus and hypocritical. sure their the IT industry standard which would make sense only if Microsoft is a follower and not a leader.  How embarrassing for you.

Why are you even worried about the security of my Microsoft online account?  Is it Office365?  That's a poor excuse.  You guys had a mediocre idea and implemented it poorly.  Where you hoping to lure away some Google+ or Yahoo users?  Does it allow me to install on many machines as long as I only use it on one at a time?  I haven't tried that but I doubt it.  Or is it just some crackpot attempt at making it harder to pirate Office?  You and so many other deluded publishers waste far more money on trying to prevent piracy than you actually save.  So maybe you're a highly principled international corporate giant trying to save the world from the evil of infringement upon archaic copyright laws.  Or is it the horrid communism of sharing intellectual property that you abhor?  Maybe you're just trying to appease your shareholders who are even more myopically greedy and stupid than your management.  As I mentioned before security is the inverse of access and these presumably anti-piracy efforts do nothing but vary the challenge and slow them down a little.  What's it take... a week, maybe four to crack the software so it either bypasses the security requirements or fakes them?  And who really pays?  We the legitimate consumer pay more for the same product and then have to suffer your paranoid yet self-defeating authentication regimen.   You are putting the cart before the horse but at least you’re greasing the squeaky wheels.   

And what are you protecting anyway?  Open Office (openoffice.org) and Libre Office (libreoffice.org) are perfectly acceptable alternatives.  And they are FREE.  It could even be argued that they are better and easier to use.  And they don’t get uglier and more convoluted with subsequent releases.  After using Office365 it’s never been easier to recommend Open Office and Libre Office.

And no, you can’t have my phone number.  Stop asking, ya creep.  Microsoft (or any other company) may be trustworthy today.  It’s debatable.  But what about tomorrow?  What about best intentions going awry?  What about corporate espionage or disgruntled employees?  How do I know that stock holders won’t insist on a greedier less ethical CEO at the next meeting?  If you want to ask me to trust you that’s OK.  If you want to require or manipulate me into giving you more personal information that is not OK. 

I want my simple password back.  But I’m not going to get it because you are a close-minded my-way-or-the-highway attorney-fearing money grinder.  Why should you care if someone is unhappy with how simple it could be to securely access your free service if someone else could try to sue you for their own blunders if you don’t follow or exceed the industry standard?  You obviously don’t care.  And you certainly don’t have a way that a support technician can override your ostensibly more secure settings.  You would rather lose me than allow me to put a checkmark in a box for a liability disclaimer and use my own preference of passwords.  What’s wrong with you?

Sure I could just find another free webmail provider.  I already have some yahoo, gmail accounts (to name but two) for compartmentalizing… and because as it turns out I need to be able to get email somewhere else so I can verify to you I am the actual Hotmail account custodian.  Dozens of times over several years I’ve had to be able to get mail elsewhere so I could access my Hotmail account.  How many times have I contacted Microsoft or even been a little worried that my account may have been breached?  Zero.  Never.  And yet dozens of times Microsoft has refused to accept me as authentic following authentication.  How many times have Gmail, Yahoo, GMX, hushmail, fastmail and zoho required me to authenticate after putting in the correct password?  Zero.  It doesn’t happen.  Sometimes they prompt for more personal information ostensibly in case there’s a problem later on (it’s probably just for their marketing department).  But when I provide the correct email address and password I get in.  Why doesn’t Microsoft do this?  What’s wrong with you?

I don’t want to give up my old familiar Hotmail accounts for several reasons.  Inertia is one reason.  My accounts are old enough that the usernames are short and simple.  Is it even possible to sign up with a meaningful username that has less than 8 characters at a major webmail provider anymore?  And I several information services that feed to my Hotmail or use Hotmail for confirmation.  And I shouldn’t have to move.  I didn’t do anything wrong.  I didn’t break any rules.  I didn’t make any mistakes (unless you count my using Office365).  It’s Microsoft’s false positives that have screwed things up.  And obviously will continue to. If you are causing the problem shouldn’t you fix the problem?  Give me back my simple password and get your “I was only trying to help” retarded security measures out of my face.  What’s wrong with you?