Digital security is something I like. But passwords are the bane of my existence. I have so many different profiles for so many different digital services that keeping track of the passwords for them all is more than a little challenging. And I’m tech savy. So when I recently had a spate of patrons come into the library saying they were having trouble with their Hotmail account, I thought it was just a matter of forgotten passwords. Boy was I wrong.
Recently Microsoft introduced 2-step verification. Before I left Partners, they were rolling out 2-factor authentication. That’s when you not only have a password to enter but also a picture to look at. If the picture isn’t yours, then chances are someone hacked your account. My online banking account does this too. So I thought that’s what Microsoft was doing. Boy was I wrong.
Their 2-step verification used a password a code. You type your password in and are brought to another asking you to verify your phone number or alternative email address. Once you do that a code is sent to the one you chose. You have to go to and retrieve the code and put it in before you’re allowed into your email. Like I said before, I like digital security but methinks this is a wee bit of overkill to protect an email account. For those poor patrons that are tech neophytes, it’s enough to turn them off of Microsoft altogether.
For me, it was a minor inconvenience to add my cellphone or one of my alternative email addresses to my Microsoft account. To the patrons, it was a showstopper because they didn’t have a cellphone or alternative email address. Most of the folks uncomfortable with technology have a email address from their ISP or AOL. The folks that are a little more comfortable seem to have ventured out to Microsoft or Yahoo.
Those that chose Microsoft are faced with this nefarious 2-step. If they accidentally turned it on and forgot their password they are locked out of their account until they provide an email address or a cell phone number. I feel it’s well within their right to choose to not have another email account or to give out their cell phone. I’m working on documentation for those poor souls that accidentally turned this feature on. I originally wanted to include said documentation here, but it’s proving a cumbersome task. In the stead of waiting too long, I wanted to get a post out there to help spread the word on this issue. That way if other folks run into it, they can take heart in the fact that they’re not alone in their frustration! If you happen to have workarounds or more information, please leave a comment.