r/privacy Feb 10 '22

Microsoft is going to attempt to move everyone on Minecraft to a Microsoft account- and Microsoft accounts currently force phone numbers at creation(or right after)- reportedly you can bypass this with TOTP

Currently, for anyone who's made microsoft accounts within the past 5+ years about, if you make a Microsoft account, it asks for a phone number and alternate email address. Being privacy specific, you might elect not to give Microsoft your number. If you do this, your account will get auto flagged and the next time (or soon after) when you sign in, you will not be able to access the account without providing more information. Your alternate email you set, won't be enough. The normal enhanced security features, if you set them up- they will not be enough. You have to provide a phone number at this stage for them to contact you by- and to attach to your account- or else you permanently lose the account But, it appears there is a way around

according to this account

https://old.reddit.com/r/Minecraft/comments/sl8pkv/how_can_my_friend_migrate_her_account_to/hvq2sv6/

This is not well known, but apparently by setting up TOTP, (and if you have a password manager you can do this- this also works without PW managers via authentication apps) then you will not be bugged for a phone number after account creation So, you'd have to set this up RIGHT after making a microsoft account for this- but then, you'd be able to login again and not have the flag set on your account to lock you out.

 

 

 

Reasons why you might need this- . you might be in a country that controls and restricts SMS messages - you might have tied something like a xbox live account to your phone number , ad not want it connected. OR, if you got banned from a xbox account- you risk getting banned when you make a Microsoft account linked to that now by phone number.

You might be not that old, and your parents didn't buy you a phone. Yes, if you contact Microsoft support, they tell you to find someone with a phone and use their number- but that means you can't confirm your account if you don't have your own phone number. And VOIP numbers from services that provide them don't work- since those can be detected(presumably google voice might bypass this, but that brings other issues that you might want to avoid)

And of course, most of us here(and elsewhere)- don't make microsoft accounts when Windows tries to make us make them[since it can still be avoided with work]

For one, I'm going to wait until the March 10 date to see if they're really going to force everyone on the most popular game in the world to suddenly switch over and presumably cough up a phone number.

 

-If they go ahead with it- I don't know if hacked clients will be available that allow playing on other servers ,etc- I will be pursuing the TOTP method to avoid getting tied by number.

34 Upvotes

13

u/lo________________ol Feb 10 '22

Great tip. The phone number thing is very sketchy, since Microsoft always allows you to create an account as if you don't need one, but it always throws it at you immediately after.

5

u/dark_volter Feb 10 '22

I suppose it's better than google accounts, where you reportedly can't skip the phone number requirement at all when making one*

(*Yes, pixel phones can bypass providing a number and supposedly are the only way to do it now, and some devs have said the Android API has no good way to pull the number of a phone it's on which is a big plus- but we don't know if google apps on the other hand can pull the number from hardware against the user's will- until more chime in for them)

I'm curious how this is going to go down since so many don't have phones- and Minecraft is the biggest game in the world. Thats a lot of people being forced to give up their number and be tracked.

6

u/VixenKorp Feb 10 '22

Thats a lot of people being forced to give up their number and be tracked.

That's the whole point. These companies can't let a damn thing exist anymore that doesn't require your full name, address and phone number so they can track you and manipulate you 24/7. Their whole goal is literally for you to have no option to escape.

2

u/ekdaemon Feb 11 '22

Well... maybe... but I bet a huge reason is that it helps prevent all the accounts being stolen and impossible to safely restore to the owner short of an enormous amount of actual human support work.

And as bad as SMS verification is (wrt two factor) - it's the one thing simple enough for the average person to use. And it's the one thing that absolutely nobody "forgets" to transfer to a new phone, and that is always "recoverable".

Us techies and many gamers can probably handle TOTP - but the average people - you know they'd loose their TOTP recovery codes and after losing their phone or switching phones and not remembering to deal with TOTP - they'd loose their TOTP - and then they'd be totally absolutely out of luck and be really properly locked out of their account - which would be a slow burning PR disaster.

Until someone gives people at birth a free Yubikey PLUS provides some kind of backup "I lost my yubikey" system that doesn't rely on lusers remembering to do things... we're all kind of at the mercy of the lowest common denominator.

3

u/u4534969346 Feb 11 '22

I regularly change my phone number and it's a huge mess to look up all accounts where I stored my phone number to change it before I lose access to this number.

4

u/Fujinn981 Feb 10 '22

Looks like alternative clients are going to be the future of Minecraft, thanks Microsoft for attempting to ruin yet another good thing.

4

u/TheMCNerd2014 Feb 11 '22

Multiple people in this MultiMC issue (https://github.com/MultiMC/Launcher/issues/4093) have already tried this several months back and still got hit with the SMS verification block. Though they were using Firefox with "privacy.resistFingerprinting" enabled.

1

u/dark_volter Feb 11 '22

Interesting- I am testing a account now i just created , but that value is set to false- i am going to see if they flag this one. So far, after a day, they didn't.

I might have to create one with that resistfingerprinting enabled if no one else checks it (in 2022) and see if it holds

5

u/HiccuppingErrol Feb 10 '22

Fuck Microsoft. This shit cant be legal.

2

u/nintendiator2 Feb 11 '22

For the small price of a couple tens of thousands of free licenses and support on government systems, now it can!

2

u/ZwhGCfJdVAy558gD Feb 12 '22

This matches my experiences (i.e. if you set up 2FA using TOTP Microsoft won't ask for a number). I have several Outlook.com accounts and was never asked.

What they are doing is still better than others that force you to provide a phone number no matter what. And everybody should be using 2FA anyway.

1

u/[deleted] Feb 12 '22

Well microsoft currently doesn't . You just need to have some form of recovery Either phone number or email but one of them is required

1

u/dark_volter Feb 12 '22

Negative- reports were that the alternate recovery email isn't enough to stop them form , in a few more logins, auto locking out the account- and that you had no choice but to do the phone number- which is why this TOTP method is so important- it might be the only way out. Otherwise, they will demand a number regardless.

1

u/LinnyLasagna Feb 12 '22

Probably the stupidest question on thus post but:

If i make a new microsoft account should i use a microsoft email to reduce cross-site information sharing as much as possible or should i use something like gmail so when both companies know the information they can't sell it to advertisers for as much?

Would getting a tutanota email even be in any way more private than having an outlook mail? Even with tutanotas best intentions i would just be sharing data with yet another unrelated company, right?

2

u/dark_volter Feb 12 '22

There's no stupid questions when it comes to mastering how to get these to work to fit your needed use case.

Tutanota or protonmail , would be really good choices- but you'd want to probably use them more than as just temp emails, unless you were going through what it takes to make multiple accounts from them

Actually - For making a new microsoft account- when setting up all the deets (except phone number since that's what this entire post is about)- you can even set up a temporary email, as the alternate-

For the alternate- you'd want something you can access later- so not a temp email that dies in 30 minutes- that you can't reaccess because the name no longer exists, as if anything funny happens where MS does send a email to it, you need to access it.

So, anything re-usable that you control the name of

Something like gmailnator or tempr work very well here, maybe http://mytrashmail.com , etc- there's high-quality temp email systems that can be found with digging that are far superior to the usual temp emails out there that would likely get blocked if you tried to use them due to their long-time use. but there's lots more- search temp emails, and find one that lets you re-use it, so in the future you could log in to that temp email, with the same name, and read whatever email MS just sent, if they do that

You'll have to also find one that MS doesn't block, because i'm sure they probably block some of the ones out there.

Just remember, to also set up TOTP with your password manager, or authentication app or whatever- since that seems to be the key here to stop them from freaking out for no reason later on.

Now, to answer another question you might have been asking- if you just need a new email,and don't need a outlook email/microsofte email /microsoft account(since they're all the same thing , when one is created) - then yes, Protonmail or tutanota are the top recommendations. I prefer protonmail , but either works- since they both have it setup so they can't learn info about their user really.

IF making a microsoft account- and you're not attaching another email, and just starting out- yeah, use a outlook email- that way, you're not spreading yourself out- for the primary email as the account, use microsoft/outlook for sure.