u/Ok-Sugar8855

How can hackers change security info without starting 30-days security period ?

Hi everyone,

I'm considering moving to Outlook but I'm quite afraid of all the posts from people being hacked and not having any mean of recovering their account...

According to Microsoft :

>When all security info is removed from a Microsoft account, the account is put into a restricted state for 30-days.

Questions :

  1. Some people have had all their security info changed, even their primary alias used to connect. And yet there wasn't any 30-days security period. Why ?

  2. If I enable 2FA and the hacker changes all the security info but one, then I won't be able to login, right (need 2 factors) ? So no 30-days period in that case but I'm still screwed, right ?

  3. During the 30-days period, can I still log in using the old (removed) security info ? If no, what's the point of this security period ?

  4. Is changing the password considered a removal of one security info and therefore could trigger the 30-days period (if all others info are removed) ?

  5. Does the account recovery form from Microsoft website ask for any credit card used as payment option in the account ? (although we can't rely on that form if 2FA was enabled, by us or by a hacker...)

Thank you in advance

reddit.com
u/Ok-Sugar8855 — 3 days ago