This has nothing to do with malicious websites, malicious ips and malicious emails. But the Microsoft account has permission loopholes, which can allow unauthorized people to access all the services of the account (as long as the service can use Windows hello verification). Microsoft believes that the most convenient and safe verification method has now become a shortcut for saboteurs. The exploit methods are as follows: 1. The user logs in to the Microsoft account on a device that supports Windows hello (we all know that this is not difficult to achieve whether passive or active) 2. Set the Windows hello message as a saboteur 3. Even if the user changes the password , Activate the two-step verification, log out all logged-in devices, delete the account password and use a password-free account. The saboteur can still use Windows hello to log in and change all Microsoft services. 4. The Microsoft account security interface does not currently have any Windows hello settings, online technology It supports and does not have the right to remotely delete Windows hello messages of suspicious devices.5. There are no countermeasures and supervisory control methods in this way of logging in that can be used. At least the function of remotely deleting authorization should be added to the account management page.
HiMock.I'mGreg,10yearsawardedWindowsMVP,specializinginInstallation,Performance,TroubleshootingandActivation,heretohelpyou.ThereareincreasingreportsofaccounthijackingsgoingonnowsoI'dadviseeveryonetohardentheirpasswordsandconsiderusingTwoFactorAuthenticationinWindowsandfinancialaccountsuntilthisgetsundercontrol:https://www.windowscentral.com/how-set-two-step.They'vechangedpasswordchangeproceduretorequireSecurityCodesenttomobileoremailsoupdatethosenowtoo:https://support.microsoft.com/en-us/help/12428/.ButhackersarechangingtheSecurityfactorswhichmakesithardtoevennavigateAccountRecovery.Thebestresourcesforpreventinghackingarehere:https://preyproject.com/blog/en/have-i-been-hac.https://www.windowscentral.com/signs-pc-hackedhttps://www.csoonline.com/article/2457873/signs.Haveanexternalbackupthatyoukeepunpluggedtoavoidransomware.ThenhaveacloudbackuplikeGoogleDesktopthatallows15gbfreesyncingofyourUserfolderstotheircloudwhereit'ssafefromransomware,theftandfire.YoumakesomegoodpointsthoughIdon'tknowifthislatestaccessisgainedbyHello.ButIfyouwanttoexpressyouropiniononthistoMicrosoftusetheFeedbackHubappinStartMenuwheredevelopersaretaskedtoprocessconsumerfeedback.Theywillnotevenseeithere.Thisisatechforumsstaffedmostlybyvolunteerstryingtohelpotherswithyourproblems.Ifyouwanttoexpressyouropiniononthisandyou'reaWindowsInsideryoucanalsodosointheWindows11Insiderforumsherewhichismonitoredbydevelopers:https://techcommunity.microsoft.com/t5/windows-.Ihopeithelps.______________________________________________StandardDisclaimer:Therearelinkstonon-Microsoftwebsites.Thepagesappeartobeprovidingaccurate,safeinformation.WatchoutforadsonthesitesthatmayadvertiseproductsfrequentlyclassifiedasaPUP(PotentiallyUnwantedProducts).Thoroughlyresearchanyproductadvertisedonthesitesbeforeyoudecidetodownloadandinstallit._________________Iwillnotquitforthosewhoworkwithme.此是否有帮助?是否抱歉,这没有帮助。太棒了!感谢你的反馈。你对此的满意度如何?感谢你的反馈,它能帮助改进网站。你对此的满意度如何?感谢你的反馈。
