Microsoft Account Serious Security Problem


I found a security problem with the MS account. I have turned on 2-step auth. After logging on to Windows 10 and using security info to verify my identity, I can still access sensitive info via Windows Hello, including PIN and fingerprint, even after changing the password and deleting all trusted devices. When I change the password or delete trusted devices, it shows me that an account problem needs to be fixed, and then I simply need to use the PIN to fix it, so changing the password or deleting trusted devices makes no sense. And the MS account is fully controlled by this PC permanently if I don't sign out. This makes it a serious security problem. So whoever once logs into my account on his or her Windows 10 device and successfully verifies identity via security info will control my account permanently!!!

3 Replies

You have to delete the device in your Microsoft account in the devices menu. After that, delete trusted devices in the security center. If you keep the device in "devices" and just remove "trusted devices", the device will be trusted again after successful Windows Hello authentication.

@Junrongit 

@dretzer It is useless to remove it on the "device" page; it is just like clearing the history.

@dretzer Deleting devices on the devices page just clears the history of devices; it does not really disconnect the account from the devices.