How can hackers change security info without starting 30-days security period ?
Hi everyone,
I'm considering moving to Outlook but I'm quite afraid of all the posts from people being hacked and not having any mean of recovering their account...
According to Microsoft :
>When all security info is removed from a Microsoft account, the account is put into a restricted state for 30-days.
Questions :
Some people have had all their security info changed, even their primary alias used to connect. And yet there wasn't any 30-days security period. Why ?
If I enable 2FA and the hacker changes all the security info but one, then I won't be able to login, right (need 2 factors) ? So no 30-days period in that case but I'm still screwed, right ?
During the 30-days period, can I still log in using the old (removed) security info ? If no, what's the point of this security period ?
Is changing the password considered a removal of one security info and therefore could trigger the 30-days period (if all others info are removed) ?
Does the account recovery form from Microsoft website ask for any credit card used as payment option in the account ? (although we can't rely on that form if 2FA was enabled, by us or by a hacker...)
Thank you in advance