Hotmail/outlook falsely reports thunderbird as suspicious activity
Hotmail and outlook servers keep sending me 'account security alerts' to my actual account and the one set up for password resets. The email forces me to reset password because 'someone else has my account'. I review the account activity and it shows my own ip address.
This happens when I use Thunderbird to access these accounts.
I'm fed up of this nonsense.
The 'recover account' button hyperlinks to https://account.live.com/
The make your account more secure. link hyperlinks to http://go.microsoft.com/fwlink/?LinkID=263818
Screenshot:
http://fud.community.services.support.m ... a4d6baa822
All Replies (12)
Additional info: I also get frequently prompted to sign into my account using the server from time to time, in order to prove that I'm a real person.
I have verified my email accounts. But the server insists on checking me every week! I use thunderbird and pop peeper. This prompt usually appears after I try to send an email using pop peeper.
Don't you think pop peeper is also prompting these warnings? That is, it's possibly not purely a Thunderbird problem. Are there not users of other email clients suffering the same? I too have seen this warning, but I don't know if it was caused by Thunderbird or a mail client on a phone or tablet. Google too create spurious warnings. Yahoo tinker and break email. Godaddy imap hasn't been working correctly recently. They won't know that they are p!ss!ng off their users if we don't complain.
Complain to Microsoft. A large enough pile of angry messages about this inconvenient and poorly implemented "enhancement" might make them reconsider it.
Zenos said
Don't you think pop peeper is also prompting these warnings? That is, it's possibly not purely a Thunderbird problem. Are there not users of other email clients suffering the same? I too have seen this warning, but I don't know if it was caused by Thunderbird or a mail client on a phone or tablet. Google too create spurious warnings. Yahoo tinker and break email. Godaddy imap hasn't been working correctly recently. They won't know that they are p!ss!ng off their users if we don't complain. Complain to Microsoft. A large enough pile of angry messages about this inconvenient and poorly implemented "enhancement" might make them reconsider it.
This happens with my gmail too time to time. What do you suggest we do? I have complained to the Microsoft toubleshooting team Microsoft toubleshooting team, the Microsoft Community and Mozillazine Mozillazine. Now I am going to find the pop peeper forum.
You do know mozillazine is in no way associated with Mozilla, or Thunderbird don't you?
Basically pop peeper is quite probably the issue, every program that accesses your account identifies itself. If you look at the troubleshooting information on Thunderbird help menu, the user agent string is supplied at login. Pop peeper (I know nothing much of it) may use it's own, spoof Thunderbird's, or even pretends it to apple mail. IT is not controlled, but it is used by the Microsofts and Googles to regulate application passwords.
So if you opt for the supposedly "more secure" two factor authentication you then have to have a separate application password created on their site for every application that accesses the account. So originally you had one password to have compromised, now you have three, the one they text you for the web site, the one created for Thunderbird and the one created for pop peeper. It does make working out which password was compromised easier, but having more passwords that access the same thing is not really security through anything but obscurity, as any application can pass in the id of any other.
I can see my user agent string. But what do I do with it? On server's recent activity page it shows all logins made by "Device/platform Unknown". So doesn't specify an app.
Could it be pop peeper does not supply a user agent string. So it is really it that is causing the issues.
Matt said
Could it be pop peeper does not supply a user agent string. So it is really it that is causing the issues.
When I check login activity on server, neither apps show a user string. Even Even if pop peeper doesn't show up on login activity, shouldn't thunderbird? But you're saying that that's not an issue? I'm confused.
I've stopped using PP. Testing TB at 5minute polling interval. Warnings were never daily. They would happen every week or 2 but for 20+ accounts.
Using one of my other email ads, I sent an email to myself using blackberry 9790 earlier today. Outlook then sent me a "please sign in and validate your Outlook.com account" email. I've done this tons of times.
Okay Launched thunderbird today and 6 of my email accounts had password resets all at once! I logged in to microsoft recent activity and all of them match the time thunderbird was launched with pinpoint accuracy!!!! This is a direct issue with thunderbird!
One thing I noticed whilst viewing recent activity on all accounts is that it shows gmt instead of gmt+1 so it shows all activity one hour before it actually happened.
Could it be your computer time is off? as in timezone or daylight savings?
Is your Microsoft profile correctly set for timezone?
It has to be something on your computer, as I have no issues using hotmail with this challenge response rubbish, it just works.