Microsoft has locked me out of my own pc

[RJARRRPCGP]

I found an option to change the authentication to an email address, but that now takes 30 days to transfer.

Should have disabled 2-factor authentication before changing hardware.

 

[DaemonForce]

Wait, there's 2FA on Windows logins? Who does that and why? It's a private workstation, not a secure desktop. Proctoring?

 

[RJARRRPCGP]

Wait, there's 2FA on Windows logins? Who does that and why? It's a private workstation, not a secure desktop. Proctoring?

Sounds like 2FA-to-smartphone. Reminds me that I had to temporarily disable that to upgrade to my Galaxy S23.

 

[Jism]

it's so sneaky, the activation reads something like " log in to activate windows" I thought it was just to get the activation like signing into the xbox app or something , then it changes your local account to a microsoft account and forces you to add a pin. And now because there is something wrong with Microsoft SMS authentication I'm locked out.

I've read stories about parents being locked out completely or even banned from pretty much every MS account, because some photo's of their beloved children where tagged different then what most people would think.

I would not trust one bit of my data to such large company's who have or uphold nothing but to explore and sell your data on a large scale. Or let alone infest an OS full with telemetry or hidden ads left and right. Seriously people should stop using Microsoft products.

learn linux.

 

[eidairaman1]

That's how OE systems are.

I wouldn't be surprised if that's how 11 retail is, possibly the same with late-versions of 10.

Windows 11 also forced me to reset my PIN, IIRC, after I popped in my Ryzen 9 5900X on Christmas day! (Same motherboard as in the sig, I had that motherboard since at least sometime in '22, if not late '21)

I used a OEM edition of W11 on a Rig i built in 2021, I had the ethernet cord removed and it skipped the ms account bs.

 

[Jism]

Wait, there's 2FA on Windows logins? Who does that and why? It's a private workstation, not a secure desktop. Proctoring?

2FA is perhaps for users a ideal situation, but it's been proven that these company's do use your data in a more extensive way then you think.

 

[windwhirl]

Wait, there's 2FA on Windows logins? Who does that and why? It's a private workstation, not a secure desktop. Proctoring?

I believe it's only triggered under specific circumstances, like when Windows for some reason can't let you use the PIN you set up (TPM getting cleared out can trigger this).

Aside from those anomalous situations, your password or PIN is enough to log in, so the login UX doesn't differ much from what it has been since the Windows NT/2000 days.

Other than that, I only use PIN so I can't tell if you can force Windows to make you verify through all the available methods you may have set up.

 

[RJARRRPCGP]

or even banned

Yes, you can indeed get banned, if the BIOS resets itself! (CMOS is reset)

 

[LabRat 891]

Sorry to point out the obvious, but this is 100% your fault. You have irresponsible computer security practices. Use a password vault like Bitwarden, a 2FA authenticator such as Authy and keep authentication information for important accounts on another easily accessible device or physically, on paper.

Your PIN reset because you changed the motherboard and were using firmware TPM. Key on your motherboard and CPU mismatch, so Windows Security is doing its job by keeping you, nosy intruder, out. This is literally what it's designed to do and because your account is setup incorrectly, you lost your password and even your correspondence, it just shows how much you cared.

Admirable Constructive Criticism, and not technically incorrect, but...
I see this about-as-much "his fault" as not avoiding an oncoming driver in your lane, while rounding a blind corner.
Thankfully, the harm is fairly minimal/recoverable. Think: head-on collision Fender Bender


Could the consequences've been avoided with different choices and/or habits? Absolutely.
Regardless, this painful learning experience came about while "going about their business" and "following the rules/expectations", for an average every-/layman.

 

[thesmokingman]

It's nutty that MS is forcing MS accounts on 11 and the future. My MS account is constantly hack attempted every month and MSFT just allows it lol.

 

[kilo]

Once you do get back into your PC, you need to immediately go to your MS account and get the bit locker recovery key. If you lose you bit locker recovery key via your MS account, you will be permanently locked out.

While it is frustrating to be locked out of your computer, I would count your blessings that you weren't completely locked out. I've had elderly folks in my life who forgot their credentials. Back in the day, a hiren's boot CD and clearing SAM would take 10 minutes. But now, it's almost always bad news: like a doctor with a terminally ill patient.

 

[64K]

The joys of using MS. I don't know if this will be of any help but maybe someone Googling and landing on this thread in the future. On Win 10 one time after a MS update the Login screen got reset to ask for my MS account instead of my PIN which I had never set up an MS account. The PIN no longer worked because it wanted my MS password which I didn't have. I even posted about it here. Eventually I noticed on the Windows login screen by clicking around on stuff that there was a way to change it back to asking for the PIN and it worked.

 

[sepheronx]

It's nutty that MS is forcing MS accounts on 11 and the future. My MS account is constantly hack attempted every month and MSFT just allows it lol.

two can play at that game.

Hack back my man

 

[ShrimpBrime]

I used a OEM edition of W11 on a Rig i built in 2021, I had the ethernet cord removed and it skipped the ms account bs.

Well setting up for a first time use, for her she can be secure and log in with MS.

I do like the rest and make a local account.

 

[RJARRRPCGP]

Once you do get back into your PC, you need to immediately go to your MS account and get the bit locker recovery key. If you lose you bit locker recovery key via your MS account, you will be permanently locked out.

While it is frustrating to be locked out of your computer, I would count your blessings that you weren't completely locked out. I've had elderly folks in my life who forgot their credentials. Back in the day, a hiren's boot CD and clearing SAM would take 10 minutes. But now, it's almost always bad news: like a doctor with a terminally ill patient.

Well, sadly, the BitLocker key recovery prompt boot loader blue screen, (not BSOD) became a meme of Windows 11 24H2.

 

[Dr. Dro]

Wait, there's 2FA on Windows logins? Who does that and why? It's a private workstation, not a secure desktop. Proctoring?

It's not 2FA for Windows login, and 2FA on Microsoft account should never be turned off. Windows' login security is designed to be paired with BitLocker or some other high-grade drive encryption, that way, if the computer is stolen or otherwise retained by an unauthorized third party (employer, law enforcement, spiteful wife ), they cannot access any data on the drive as the data is encrypted and the user account that has access rights to the file system is also protected. When used in conjunction with BitLocker, its signing/recovery key is also stored in your Microsoft account, so only you or someone that has your express consent can recover your data.

This is probably the most important step in Windows hardening ever taken, and this is now considered the default security setting on Windows 11 (Microsoft account managed login + BitLocker drive encryption + HVCI + TPM authentication). It's overkill for a personal machine, IMHO, but it's pretty great you can do this now.

I think they patched that out? It didn't work for me last time I bothered to try.

Hasn't worked since XP afaik

Admirable Constructive Criticism, and not technically incorrect, but...
I see this about-as-much "his fault" as not avoiding an oncoming driver in your lane, while rounding a blind corner.
Thankfully, the harm is fairly minimal/recoverable. Think: head-on collision Fender Bender


Could the consequences've been avoided with different choices and/or habits? Absolutely.
Regardless, this painful learning experience came about while "going about their business" and "following the rules/expectations", for an average every-/layman.

Sure, I get it, but in their hate binge people seem to overlook the actually good intentions behind certain decisions made. A Microsoft account is a "small price to pay" for the security architecture designed pretty much around it (weakest link in the chain principle), and it's at least comical that one is willing to use Microsoft software, but refuse to be an account holder at the same time. There are only benefits in running Windows in conjunction with an M$ account nowadays. Easy license management, security features, backups, etc.

Bitwarden and Authy are absolutely essential IMO, but if you don't like or trust password vaults or managers, a good old notebook, kept off-site will do just great. No workaround for the 2FA engine though. Authy is my favorite, but it has seen better days, I wouldn't be surprised if Twilio pulled the plug on it someday. Desktop version has already sunset.

 

[DaemonForce]

It's nutty that MS is forcing MS accounts on 11 and the future. My MS account is constantly hack attempted every month and MSFT just allows it lol.

Every month...
Every month?
Holy shit dude.

How do you keep it so tame? I can't do it.

Once you do get back into your PC, you need to immediately go to your MS account and get the bit locker recovery key.

Luckily I don't have to fight this. If this screen ever changes, bad.

Back in the day, a hiren's boot CD and clearing SAM would take 10 minutes. But now, it's almost always bad news: like a doctor with a terminally ill patient.

Part of me is about 60% sure this is exactly what Microsoft was trying to prevent by introducing all this BitLocker trash. There are ways around it but invasive and nothing that would help here. It's insane how much Microsoft deliberately attempts to take control over the computer. First it was TrustedInstaller, then Indexing and now BitLocker. You probably already know this but the way BitLocker services are rootkit'd into Windows by driver and service, it will cause Windows to throw kernel panics if certain components are missing from the boot order. I don't deal with this at all on 2016 but 10 is so hosed it's a wonder more people aren't fighting it and running into stumbling blocks like I did.

 

[Geofrancis]

I dont use bitlocker, I had it set as a local account. I never forgot any of my information, there is nothing wrong on my end. People keep missing the point that I never wanted this on my pc it was forced on it by Microsoft, they turned my local account into a Microsoft account by deception. Now they wont send the SMS to login to an account I never wanted associated with the computer account.

Should have disabled 2-factor authentication before changing hardware.

If it was still a local account like I originally set it up or if Microsofts 2FA actually worked then I wouldn't be in this position.

 

[IsHacker]

I have found myself in the ludicrous position of being locked out of my own pc.

I recently had a USB issue with a motherboard making it not boot anymore, it's a pain in the arse, but it's not the end of the world, I ordered another board and will send this one back, back up and running in 3 days or so I thought....

I pulled everything out of the case, installed the new motherboard and replaced all the hardware back in and it booted up ok after some warnings about no saved settings from the bios, then it got to the windows login screen fine. OK I thought, I just need to get my dock plugged back in and il be up and running. It's the same chipset, so I shouldn't need to do anything other than some utilities.

Unfortunately, when I clicked my username, it gave me a message of "PIN INVALID" and that I need to log in with my Microsoft account. No big deal I thought, so I logged in, and then it asks me for the last 4 digits of my phone number to send me an authentication code. So I put the phone number in, and it says It's sent it, but nothing ever arrives. I tried a few times. I have even waiting 24 hours and tried again and still nothing.

I found an option to change the authentication to an email address, but that now takes 30 days to transfer.

I know there is nothing wrong with my phone number because I got a text instantly when I requested to change the authentication to email, but the code never arrives. It's not in any spam folders, it just never arrives.


So now im locked out of my own PC I built for the next 30 days because Microsoft forced me to put a pin code on when I had no choice but to use a Microsoft account on it to retrieve a windows key.


If anyone had any ideas before I format my computer and install windows 10 I'm listening.

Why don't you guys just use linux? Believe me, it's wayyy better. I'm surprised that so many people are using that stupid spyware os which is "sold" (yes, sold! Why on EARTH would you want to buy an operation system with MONEY?) by Microsoft. If you still want to use it, only use it when you are gaming and doing stuff which are graphically intensive. For everyday works, just use linux!

 

[KLMR]

Consider yourself lucky: you didn't turn on bitlocker.
It could be a lot worse.

 

[Geofrancis]

Why don't you guys just use linux? Believe me, it's wayyy better. I'm surprised that so many people are using that stupid spyware os which is "sold" (yes, sold! Why on EARTH would you want to buy an operation system with MONEY?) by Microsoft. If you still want to use it, only use it when you are gaming and doing stuff which are graphically intensive. For everyday works, just use linux!

I have several linux systems, I have tried to move to linux completely but things just never work 100%. its great for server style tasks, I have several unraid systems running VMs and pi's running 3d printers and automation systems but the problem basically boiled down to drivers. There was always some piece of hardware that never worked right when trying to use it for desktop, my creative sound cards were always an issue and the cameras i had didnt work. laptops always have weird parts that don't work 100% like card readers, audio switching, GPU switching, shortcut keys or power management.

Consider yourself lucky: you didn't turn on bitlocker.
It could be a lot worse.

I dont use my C drive for anything other than windows, its a Intel Optane 900p, my user account folder is on a 2tb NVMe SSD and my gmes are on a third large SATA SSD so it's not going to be too bad to format, the worst part is getting my software dev environments back up and running.

 

[lexluthermiester]

I dont use bitlocker, I had it set as a local account. I never forgot any of my information, there is nothing wrong on my end. People keep missing the point that I never wanted this on my pc it was forced on it by Microsoft, they turned my local account into a Microsoft account by deception. Now they wont send the SMS to login to an account I never wanted associated with the computer account.

If it was still a local account like I originally set it up or if Microsofts 2FA actually worked then I wouldn't be in this position.

Mate, never use a microsoft account for ANY form of authentication! The problems described in this thread are exactly why. Given what you've said in this thread, you will need to format no matter what you do. Going back to Win10 is an option, but that will only last for a couple more years. It's better to learn how to defeat microsoft's ill effing bull$h!t. If you'd like some info on how to do a "proper" decent install of Windows11, come over to the Windows 11 discussion thread and ask away. A good start would be to use Rufus to write your install ISO to a USB drive, enabling the key options involved.

See screenshots below.

Why don't you guys just use linux?

Can we please hush up about this? "Switch to Linux!!!" is not a valid solution to this problem.

@ microsoft

 

[IsHacker]

Can we please hush up about this? "Switch to Linux!!!" in not a valid solution to this problem.

I'm not providing any solution, it's just a comment. I'm telling this for your own good. If you don't want to use linux, I don't care. It's your choice if you want to willingly fall into Microsoft's trap i.e use windows.

 

[TheLostSwede]

Did you try contacting Microsoft Support? They should be able to resolve this issue for you.

 

[lexluthermiester]

where is this menu, i cant find it?

It shows up after you click on "Start".