Forum Discussion

leeuniverse's avatar
leeuniverse
Brass Contributor
Mar 28, 2023

SERIOUS PROBLEM...! Browser "Account Sign In/Out" for "Other" Devices... ACCOUNT 100% UNSECURE!!!

You should NOT be asking for a "Windows PIN" when you're trying to sign into your browser account, or access your passwords which I also noticed.   This is a serious problem, because one reason I'm...
leeuniverse's avatar
leeuniverse
Brass Contributor
Mar 28, 2023

leeuniverse 

SERIOUS PROBLEM...! #2 Browser "Account SIGN OUT" for "Other" Devices.
Browser account is NOT SECURE... "Anyone" can recreate the Profile WITHOUT A PASSWORD, and they know your username aka email.

This is utterly unacceptable...!


Not only does "signing out" of the browser NOT protect your browser account...
But even "removing your Profile" STILL allows ANYONE using that computer to entirely get into your browser account. This is absolutely CRAZY....!!! Needs to be fixed IMMEDIATELY!!!

I did find the "solution"... But it's a multistep process to remove this access.
What happens is you associate the Microsoft Account with "Windows", so you have to.
- Sign Out
- Remove Browser Profile
- And remove the Windows Account that's been created under the Windows Login without our permission btw.
Only THEN is our browser account actually "removed" from the computer, not simply "signed out" and we are secure. This is CRAZY...!

 

Now, just to keep my browser account secure, because many people use this computer under this login, because it's designated for security and other employees of the site, I have to completely remove a million things, and just to USE the account again on this computer, I have to do a FULL SETUP again of my profile, download and sync everything etc.

 

There is no way to get around the forced "Windows Login Account" creation. It asks for my Windows PIN every time I recreate my profile, that is if I want to download/sync my info.

 

Please for the love of HEAVEN this entire system needs to be reworked, it's entirely INSECURE, convoluted, not intuitive, having to track down secret settings, if people "Sign Out" or Delete their Profile, they would normally assume they are safe, BUT THEY ARE NOT...!

  • leeuniverse's avatar
    leeuniverse
    Brass Contributor
    Apr 06, 2023

    So... Is Microsoft going to respond to this post?
    To be clear as to what's happening...
    1. You use a computer in which you have the Windows PIN to, but it's OPEN to everyone to use in your department.
    2. You create a profile, and you're FORCED to use that Windows PIN to Create and Sync your Profile, which SHOULD NOT be happening. You should be able to access your browser profile no matter the device you're using.
    3. You then "Sign Out" of your Profile and even "Delete" your browser profile, and yet ANYONE can create a profile and end up 100% creating and accessing YOUR profile, without even a PW being asked for, and they have FULL ACCESS to your browser account.
    The reason this is occurring is because Microsoft is storing your Microsoft Email, aka your Browser Login onto Windows itself in Accounts under "Email Accounts".
    So, unless you REMOVE that stored account, anyone literally has access to your browser account still, doesn't matter if you've "Signed Out" of it, AND even Deleted your browser Profile.

    NOT ACCEPTABLE Microsoft... This is a massive SECURITY FLAW...!!!

Resources