Mele20
Premium
join:2001-06-05
Hilo, HI
| Microsoft Passport login demanding SocSec number!
Shit! and DOUBLE SHIT! Microsoft just told me my password had expired so I changed it and then it returned an error and said I couldn't have one close to the old one. I had one Microsoft rated as extremely complex and it has to be changed every 72 days so I didn't think if I changed it just a modest amount that was dangerous but Microsoft said it had to be totally changed and be extremely complex.
So, I unchecked the box to have it expire. That fixed that problem as Microsoft doesn't care about the password complexity or how close it is to the earlier password if it never expires. But then it asked for a hint. So, I typed in the name of my best childhood friend...all the others are not good hints for me. It told me my friend's name is too short...well...gee..I can't change my friend's name to make Microsoft happy. So, I tell it to cancel the hint. It does and then tells me that I cannot log in because I need my parent's permission! I'm in my 60's. UGH.
I have gone through this particular nightmare with Microsoft before. They require a credit card to verify my age or they want me to type in my Social Security number! Can you believe that? I went round and round with these idiots by email the last time this happened and they demanded an ORIGINAL birth certificate or my Social Security number be mailed by snail mail to them. Luckily, last time after 72 hours, the child block mysteriously disappeared and I could log in...but this is just nuts. They claim that they have information that I am only 5 years old....gheesssh...
Anyone know who I can contact besides Customer Service? They are the ones that insisted that they were certain I was 5 years old the last time. They said they had absolute proof of this and treated me, in the various email exchanges, as though I was a naughty child trying to circumvent my parents wishes and login to Passport when my parents did not want me to do so. I am not going to send my SocSec number in a snail mail to Microsoft and I am not sending them a birth certificate either. That is ridiculous!
I am reasonably sure that this is a bug in the way you have to make your password for Health Vault. If you belong to Microsoft's Health Vault the password for Microsoft Passport must be extremely complex and must expire every 72 days and it was only after I joined Health Vault last November, when Microsoft unveiled it, that I had this problem with them claiming I am a child. I told Customer Service that they need to fix this bug. Customer Service said, yeah, maybe it was a bug but there was no way to reach the folks responsible for Health Vault Passwords at that time because it is a beta service at this point. So, now 72 days have passed and I encounter the same problem again. 
Asking for Social Security numbers to be sent, or a birth certificate,or even a credit card seems to me to be very risky identity theft wise as well as invasive of privacy. Microsoft has my name and mailing address and phone number already. I don't think they need my birth certificate or SocSec number! I was so frustrated the last time because Customer Service would not tell me what "evidence" they had that I was 5 years old. They also had no explanation for why they have been allowing me to login in since Passport was first created 7-8 years ago without any need to verify that I am an adult but now they suddenly have "proof" I am a child.
This is a sad situation security wise for another reason. If this gets straightened out, I won't ever again make a complex password. I will make the most simple one I can possibly make and no hint because I don't want this problem every 72 days. Microsoft was praised by some of the most stringent of the Privacy groups in the USA last November in a press conference in Washington for creating this extremely complex password process/mandatory expiration every 72 days for Health Vault since extremely sensitive information will be uploaded by physicians, hospitals, medical labs, insurance companies, etc to Health Vault. But Microsoft can't even seem to do this right as this is the second time now that changing the password has triggered this lock on Passport saying I am a child and Customer Service's only solution is to demand a SocSec number or birth certificate.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
 ·Verizon Online DSL
3 edits | So much info so little time so I left out your story.
--
Contacting MS CS seems to make sense because they run the show.
Asking for identification does not make them idiots.
Complex passwords are the way to go. I have asked many sites over the years to make passwords more complex and I am sure others have also. Why would you want a weak password for such important information? Makes no sense.
There are various sites that require SSN to verify who you are. Do you think Bill Gates is going to fly to HI and see you face to face? Just because you give a name and address does not prove you are you.
More likely a bug in the system so report it and wait to see what happens. HealthVault is still in development.
If you do contact CS again I would lose the name calling. Chances are if you act like an adult they will treat you as such. I am not saying you did that your first time around but you just never know.
BTW your alternate contact link is in their policies.
Did you read HealthVault Privacy Policy before signing up?
»https://www.truste.org/pvr.php?page=complaint
Edit* Punctuation, added link plus name correction.
--
"We must look for consistency. Where there is a want of it we must suspect deception." - Sherlock Holmes |
|
MS staff
@co.th
| said by Grail Knight  :If you do contact CS again I would lose the name calling. Chances are if you act like an adult they will treat you as such. LOL. That's it! |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
 ·Callcentric
 ·RoadRunner Cable
·AT&T CallVantage
| reply to Mele20
I'd start with customer service then escalate.
My health information is restricted to my providers, and Bill Gates doesn't show up in my list. Although I'm sure that many consider Microsoft sufficiently trustworthy to have access to my health information, I don't.
I'm a bit surprised that you'd trust Microsoft with access to health information, even if in a general sense, but don't trust them in any other way. But then, to each his own. With that, my suggestion is to escalate through channels.
As others have mentioned, many customer service people, when hearing some of their less pleasant customers, will switch to "minimum required cooperation" level or "accidentally" disconnect, put them in transfer hell or make the problem customer wait forever on hold, so how one deals with them may be a factor in the ease and speed of resolution.
--
BBR's Shooting for a Cause! |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to Mele20
what a crock in the first place..
»www.healthvault.com/
»www.healthvault.com/Applications/
PRIVACY STATEMENT 
»https://account.healthvault.com/help.asp···cyPolicy
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
simmery
join:2006-01-29
| reply to Mele20
Sounds to me as if the service is broken. Also, I see no evidence that Mele treated anyone abusively. Finally, no matter what kind of confidential information you're allowing people to store in your "vault," you don't straighten out a screw-up by demanding social security numbers, credit card numbers, or birth certificates. If you have the tiniest particle of common sense, you don't insist that an obviously adult email correspondent is five years old. Unless I had some vital reason for using this service, I would immediately cancel. |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
 ·Verizon FIOS
| reply to Mele20
You don't need to reply truthfully or literally to a 'password hint'. The only point about a password hint is that it reminds you of the prerecorded answer. If 'x' is too short, try 'x-with-the-short-name'. Or make up a name and write it down. Or just type in some junk that you have no intention of remembering, since it's only a backup for when you forget your password - so forget the backup answer and make sure you don't forget the password. |
|
Hangetsu
join:2007-12-22
West Chester, PA
| Here's the problem -- How do they truly verify your age otherwise? The whole idea of having to do this is a quagmire: Either you are too draconian (Microsoft), or too easy (MySpace, etc.) so a 5 year COULD pretend to be 60. There's really no in-between without having to give up some information.
I think having to provide a SSN is over the top, but a credit card might make sense - Microsoft's servers are pretty secure, I wouldn't worry about that.
Not saying it doesn't suck, just that this type of stuff puts companies in a Lose - Lose situation. |
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12 | reply to Mele20
Okay this is too funny! |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to Mele20
Social Security history
The Social Security number was never designed to be a personal identifier. In fact, when the Social Security law was passed in 1935, the Social Security Account Number, its original name, was meant to identify the account, not the person.
That’s not the case today. There are few prohibitions against the use of the Social Security number in the private sector and it is widely used by the federal government. It is “in such extraordinarily wide use” it has become “a de facto personal identifier,” according to a Health and Human Services White Paper.
In July of 1998, the Department of Health and Human Services proposed creating a unique identifier for health purposes. Using a number other than the patient’s Social Security number would increase privacy and limit the health provider’s access to a patient’s credit and financial information. No action has been taken on this proposal.
»www.msnbc.msn.com/id/12137393/
The Basics
Safeguard your Social Security number
Protect yourself from identity theft by keeping a tight rein on your Social Security number. Only a few organizations have the right to demand it. Here's how to fend off the rest.
»moneycentral.msn.com/content/Ban···3718.asp
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12
| reply to EGeezer
said by EGeezer :As others have mentioned, many customer service people, when hearing some of their less pleasant customers, will switch to "minimum required cooperation" level or "accidentally" disconnect, put them in transfer hell or make the problem customer wait forever on hold, so how one deals with them may be a factor in the ease and speed of resolution. Years ago I knew a guy who worked CS for Ameritec. He said whenever he got a customer who was cursing and screaming he just figured there was an english language issue so he transfered them all to the Polish Language dept.
--
Gay Jesus: John 13:23
www.biblegateway.com/passage/?book_id=50&chapter=13&verse=23&version=8 |
|
Thaler
Premium
join:2004-02-02
Encino, CA
| Holy crap. When I first read this, I thought this was just scammer bait...but then, yeah...I'm kinda blown away that MS feels entitled to your SS#. As shown above, even the "experts" from their media branch suggest not to give out such personal information willy-nilly.
Honestly, couldn't MS prove your identity using another method? Credit card, drivers license, a testimonial from yer mum, etc. Seems unnerving that they jump immediately to requesting your SS# once the automated password recovery fails. |
|
Hangetsu
join:2007-12-22
West Chester, PA
| Well, if its a personal health record we're dealing with, Microsoft has to be VERY careful about that. I don't know if they're covered until HIPAA regulations on Personal Health Information, but if they are... There's some serious ramifications if others are able to get this type of data. I could see why they need to be draconian on controlling access. |
|
Thaler
Premium
join:2004-02-02
Encino, CA
| Oh wow, I wasn't even aware MS offered a real serious health information service. (I thought it was some "I have the sniffles, should I have soup?" site) Yeah, if that's the case, then MS certainly needs to CYA with regards to password/patient security of medical records.
Though, damn...I really don't think I'd want any personal medical records locked away with the care of Microsoft. Medical records are pretty damn private, and giving "assistant" access to them to a 3rd party (aside from maybe your health insurance) seems like an unnecessary additional risk. |
|
lhamp
Premium
join:2000-02-20
Stone Mountain, GA
clubs:
| reply to Mele20
cancel the hint. It does and then tells me that I cannot log in because I need my parent's permission! I'm in my 60's. UGH
-----------------------------------------------------------
Ain't Life Grand? I just turned 60. I tried to co sign on a car for my Granddaughter. It came back needing permission from my Mommy! LOL! It worked out in the end but it leads me to believe something is wrong in Denmark! If you get my drift. Keep up the faith. I just bought a new car for my 60th. Dodge Charger R/T Hemi! I'm ready to rock & roll with all the young un's. I've got my pedal to the gas and they can kiss my ass! |
|
Jeffrey
too dark too early
Premium
join:2002-12-24
Dix Hills,NY
clubs:
·Optimum Online
·Verizon FIOS
·Vonage
·magicjack.com
| reply to Name Game
Health Vault stores you and your families medical information. Health Information is and always has been a hot topic, especially given privacy practices. HIPAA explicitly protects healh information (PHI)...
And Health Vault is currently in beta? Isn't that rather ironic. |
|
mtech
join:2002-10-20
Jonesboro, AR | reply to Hangetsu
Microsoft, in offering this Personal Health Record service is most definitely covered by HIPAA. |
|
Hangetsu
join:2007-12-22
West Chester, PA | I figured that. I work for a health insurer and we're starting the beginning investigations into providing something like this. The security implications are enormous. |
|
wispguy
Premium
join:2007-09-03
Seward, NE | reply to Thaler
If they ask for A SS# just give them the one from lifelock, that guys over 21 so everything should work, scary though how they can have access to that information in the first place. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to lhamp
said by lhamp :Ain't Life Grand? I just turned 60. I tried to co sign on a car for my Granddaughter. It came back needing permission from my Mommy! LOL! It worked out in the end but it leads me to believe something is wrong in Denmark! If you get my drift. Keep up the faith. I just bought a new car for my 60th. Dodge Charger R/T Hemi! I'm ready to rock & roll with all the young un's. I've got my pedal to the gas and they can kiss my ass! We'll need you to post your Social Security number as proof of all this. |
|
