Sign up for free ElcomSoft Password Recovery Software newsletter

Leave a Reply

6 Comments on "Breaking into Microsoft Account: It’s No Google, But Getting Close"

Notify of
avatar
KoolFirE
Guest

Very interesting article! Thanks!

Rolf Gutmann
Guest
Rolf Gutmann

Good job the americans say! Thank you!

Sesh Murthy
Guest
Sesh Murthy
Background: My hotmail account recently got hacked. I have been using google authenticator for 2 factor authentication this account. I also have two app passwords for my Mac email and my iPhone email. Microsoft says that I owned a Windows PC which uses this account (I may have bought it, set it up, and returned it without deleting all information). Someone from Vietnam performed a successful sync using Exchange ActiveSync to my account on October 7th. At that time, my iPhone mail said that it could not access my hotmail account and asked for my password again. I entered it… Read more »
Vladimir Katalov
Admin
Vladimir Katalov
Sesh, Thank you for sharing your story! We evaluated Google Authenticator a little bit but have not found any weaknesses so far. Even more, the Google token is pinned to the specific device and can be extracted/decrypted only with physical acquisition (and only from jailbroken 32-bit device, so up to iPhone 5/5C). So the only vector of attack I can think of is obtaining app password from your Mac (which is in fact also not very easy, until you saved it in a plain text and so it became accessible to some malware). Answering your other question — I do… Read more »
Sesh Murthy
Guest
Sesh Murthy

Thanks for the detailed reply. As you noted, Microsoft did not/could not help.

I appreciate your help.

I am stumped.

Vladimir Katalov
Admin
Vladimir Katalov

Sesh,

Sorry to hear that… We will be happy to help, but that seems to be the work for LE 🙁

wpDiscuz