I'm writing this because today I was locked out of my own PC for almost three hours due to a combination of Microsoft account/security design decisions and service failures. As a paying customer (including Xbox Game Pass Ultimate), this experience was extremely frustrating and, in my opinion, unacceptable.
What triggered the problem
This all started after I activated Xbox Game Pass Ultimate on my account and tried to play Call of Duty. The game warned me that my BIOS firmware was out of date and that I should update it. On AMD's website, there was indeed a BIOS update explicitly described as improving gaming performance.
I installed the BIOS update and rebooted my PC.
PIN removed after BIOS update
After reboot, my Windows Hello PIN had been removed. Windows told me I had to sign in again with my Microsoft account to re-enable the PIN.
That in itself is not a problem. I know my password, and I have it stored in a password manager. However, when I entered my password, I got the message:
"You've tried to sign in too many times with an incorrect account or password."
I am absolutely certain I typed the correct password (copied from my vault), and I'm using this exact same password right now to access my account while writing this post. So at that time, I was blocked for no valid reason.
Recovery flow that doesn't actually let you recover
Since my password wasn't being accepted, I tried to go through the account recovery / verification flow. I have everything needed to prove that I am the account owner:
- TOTP 2FA code generated by an authenticator app
- Access to my phone number
I started the recovery process, entered the authenticator app code exactly as Microsoft requested, and I assumed that would be enough. It wasn't.
After the TOTP code, Microsoft additionally required the last 4 digits of my phone number to send me an SMS. Again, that's fine in principle — except that this is where everything completely broke down.
SMS "service unavailable" for over an hour
I entered the last 4 digits of my phone number, and each time Microsoft tried to send the verification SMS, I got a message saying that the service was unavailable at the moment. The page still showed buttons like "try another way," but in my case there was no other way: only the authenticator app code and the phone number were configured.
So I ended up in a loop:
- Correct password rejected as "too many incorrect attempts"
- Start recovery
- Provide correct TOTP code
- Forced to also use SMS
- SMS service "unavailable" over and over
- No alternative path offered
I spent more than an hour trying again and again, without success.
I also checked Microsoft's help pages and account/security pages, and there was no visible indication of a block or lockout on my account. I had absolutely no information about:
- Whether my account was temporarily locked
- How long any lockout would last
- Whether there was any ongoing service issue with SMS
- What support channel I was supposed to use if both password and 2FA flows fail
From a user perspective, it looked like my account was in good standing, yet I could not sign in to my own PC because the system would not:
- Accept my correct password
- Let me complete verification solely with an authenticator app code
- Deliver SMS codes or provide any alternative method
Everything "magically" works again after midnight
Eventually, sometime after midnight, everything suddenly started working again. I assume some internal lockout or throttle got reset. But I never received any notification or explanation. There is no visible trace of this incident from my side — only the fact that I lost several hours of access to my own computer.
Why this is a serious problem
I fully agree that Microsoft must prioritize security. However, security that fails in this way — and leaves a legitimate user with:
- A correct password that is rejected
- A valid authenticator app code that is not sufficient
- An SMS channel that doesn't work
- No alternative recovery path and no clear information
— is crossing a line. This is not "extra security"; this is a reliability and design failure that directly harms users.
Being completely locked out of my own device for hours, with no clear reason, no status information, and no working backup mechanism, is the kind of experience that seriously undermines trust in the platform.
I hope someone at Microsoft takes this issue seriously and reviews both the design and reliability of these sign-in and recovery flows.