Microsoft mail Password bug! (Live, Hotmail, Outlook)
I am from the Netherlands and i decided to register on the Verge and post a serious privacy issue regarding passwords and a Microsoft mail account.
I have a Windows phone 7.5 Mango. (Nokia Lumia 800) I use this with several email accounts, but the main account is a live.com account. When i used this device for the first time i created this Live.com account on this phone with it to sync contacts etc.
I changed a couple a months ago the password for this account on my computer and i couldn't log in to the live.com account on my phone anymore. As it should be...
Today i changed the password again on the computer... Guess what? I changed the password several times on this Live.com account on my computer but the phone is happily syncing all the e-mails i send to it from a other e-mail account! I changed the password several times on the PC! but that doesn't matter! the Live.com account on the WP7 phone can still receive and send emails from the phone! it didn't even ask for a new password on the phone! It kept on syncing successfully with the old password. I'd never had to enter the new password...
How it happened:
I decided to change the password for this Live account because i forgot it. The phone still has the password, so it could sync etc.
1. On my PC i was going to www.hotmail.com and selected that i forgot the password. So Microsoft could send a link to my other mail account to change the password. (yes, i give this live.com account a other email address in-case i forgot my password.)
2 Done! Changed password. I couldn't log in anymore with my old password on the PC, but only with the new one. But my Phone could somehow still sync with this live.com account and it didn't ask for a new password, The phone uses the old password. That is why i emailed this live.com account to see if i had seen it right. And yes... the phone could still receive emails while the password was changed on the pc!
3. This time i changed the password in the live.com account itself on the pc, not via a link to another Mail address. But... Still the same. I could still receive emails. (I couldn't log in anymore with the old passwords luckily on my PC, but my phone can! i think the phone don't use password verification but something else... But what? This is so wrong, what if my phone was stolen!!?
4, i logged out and in and suddenly my account was migrated to the outlook look. OK... I didn't give a command for that but microsoft said it could happen automaticly. Has this password issue something to to with this?
5. I changed the password again. Still the same story. I can send en receive emails with my phone with a old password( if it is that...) I never changed or typed the new password on the wp7 phone. This phone didn't even ask for the new password. How wrong is that!?
I think it has to to with all the accounts migrating to the outlook look. The problem was there before and after the migration. The migration happened automatically.
Note: Before i changed the password on this live.com account i also changed the password of my Gmail account on the pc. This Gmail account i also use on my WP7 phone. Gmail couldn't sync anymore on the phone after i changed the password so i had to put the new password in it.
A window automatically appeared for the right password when i pushed sync on the phone. But it didn't matter if i typed the CORRECT password or the wrong password for the Gmail account, the window kept reappearing after typed the password and pushed on sync. it reappearing so fast (directly) that it never could have connected to the Gmail server. i rebooted the phone but that didn't help. It worked after i rebooted the phone and connected to the adapter for power! probably because i didn't had much battery left. I saw a heart in the battery, When i have that i can't configure the email settings, because the phone is then complaining about low battery. But it didn't say i could not put the right password because of low battery. That would be ridiculous. Its a bug.
I don't like the fact that Microsoft don't offer a option to see to what ip addresses this live.com account was connected lately like Gmail. Maybe my account was compromised because of this. It should be standard.
Can other people replicate this issue?