If you go to


You can see which consoles don't require your password, if you click (require password) then next time you log in it will ask you for your new one, until you put auto log in back on.

You can also use this to see if the profile has visited any other machines lately.

If you set your profile on your Xbox to require a password on sign-in, you'll need to use the new password.

I posted this on rllmuk the other day, about password changes:

Something worth noting with the dash change. Previously, if you wanted to move your gamertag to a friend's Xbox you had to recover it, and then when you got home you had to recover it again back to your old Xbox. If a hacker got your profile and didn't change the password, you could recover it back to your Xbox with a new password.

Now, your gamertag can live on both Xboxes together, without the need to recover it back and forth.

This should be ace, but when you set your profile to auto-sign-in, it doesn't ask for the password. It doesn't even request a saved password from a server anywhere. So, if you change your password on a PC, you can still sign in on an Xbox without needing to enter the new password. (Try it.)

If a hacker gets your account and sets it to auto-sign-in, you can change your password and they'll still be able to sign in as if you hadn't changed a thing.

I used to think this was solely down to phishing, but having spoken to a friend who works in Xbox support I'm not so sure now. After getting the corporate spiel about phishing and protecting your identity online from him, he added "And if I comment I get my P45 ...."

Inside job me thinks

Why they don't implement a 2nd level to the sign in system is beyond me. Just have them send a login pin to your mobile etc if you sign in on a new console.

Yeah this works, if you change your password then force known consoles to login regardless of auto sign in. I tried this and it wouldn't let me sign it until I recovered my account.

never rule this stuff out

A number of year ago I worked for a company which did outsourcing work for a well known company. On a number of occasion we would get requests from staff based offshore to send document scan to private email addresses instead of their company emails.

We red flagged this with management who got back to us saying no staff member should use private emails and they should be reported. So when ever we got a request like that with a private email we reported the staff member. But who's to say in other companies people are not so smart.....

It's possible.

The argument I keep seeing, which makes me laugh, is basically, "If it were that bad, every account would be hacked". That's a frankly stupid thing to say. If it's operating in a organised crime manner, they'll siphon money from accounts for as long as they can, a couple of hundred or whatever accounts a day. I don't think this is a bunch of hacker kidz looking to make a name for themselves.

I was being semi-serious with the inside job as I do think there's a slight possibility: MS has a lot of employees and not all of them are going to be saintly, though you'd like to think given their experience with active directory and databases that the system was designed in a way that didn't let staff get away with resetting accounts and syphoning details of its users off.

It was the P45 thing that raised my eyebrows mind, I've known this chap for a long time; I was saying, that's just a load of corporate spiel and BS just there and the reply was I can't say anything it'll cost me my job, that made me think twice. Microsoft tried to sweep the RRoD thing under the carpet too, and look how that turned out eventually.

Maybe putting a pre-paid credit card on the account is the way to go.

Even though you've left the thread, thanks for this link, I had no idea about it.

I'm trying to get my Live accounts in shape before I format the hard drive and sell on the 360 this week. I was worried because the Live account with a credit card on file is linked to a Live ID I don't use so I'd probably have no way of knowing if it was compromised until my cc bill appeared. As it stands, the cc expired last month and my Live sub attached to it ends on Tuesday so I should be able to remove it then(already have auto renewal off)

I'm assuming my other two accounts that have only had codes used for Live and points should be ok? I guess someone could recover the accounts to a console and download the games I bought with them...

Just a tip for anyone who needs it, Microsoft won't discuss removing payment options via email, but they will do it by the Customer Support chat option on the Xbox.com website.

Just had a chat with them where they first tried to say I'd have to wait until the subscription expired before I could remove the payment option. I pressed that I knew they could cancel the Gold sub and email me the remaining times as codes to redeem it and there was no more questions asked. They said it might take 24 hours but the codes had came through before the rep had even signed off chat.

I did laugh though; when I pressed I knew they could do it, I said that I was aware of all the concern about Live being hacked or my account being phished and I wanted them taken off as a precautionary measure. The only thing the support rep acknowledged about that was "the only way your account could be phished is if you give your log in details to someone". There was no attempt at a denial that Live could be hacked


I'm sure that was just a oversight in their wording, but given all the concern I did properly lol at the (deliberate?) omission. One for the conspiracy theorists no doubt

Oh here we go again, now where conspiracy theorists

More likely they're not allowed to mention the H word in case it's somehow misunderstood. They've got the company line and they're repeating it - User Fault.

These strikes were wrong at a time when negotiations were taking place.

Careful, people will start saying you're a conspiracy theorist....

Wow. Really, just wow.

You two have got your knickers in such a twist over this thread that you've actually managed to vanish up your own arses about any innocuous comment.

Add me to the list of people done with this thread. It's now insanity of the highest order and I'm too busy at the moment to put up with this level of lunacy.