Can't login to Skype? You're not alone. Chat app's been a bit crap for five days now

Something something two-factor authentication – Microsoft


A bunch of Skype users are unhappy that they're been unable to sign into the VoIP service for several days.

The yakkity-yak app has fallen flat since January 24, leaving a number of punters with two-factor authentication enabled unable to get back into the software after signing out.

"Skype users who are signed in are not affected," Reg reader C. F. Heyns told us today. "Anyone signing out has almost no chance of getting back in."

Folks have also taken to Twitter to complain:

Our tipster noted that using web.skype.com to log into the service is one possible workaround.

Microsoft acknowledged on its Skype status page that there is a gremlin in its code. The Redmond giant would not say when it expects to resolve the problem, though. Right now, there is "limited service" available, we're told – by that the app's team means there is a limited ability to login – but no other problems are noted.

"Some users might be experiencing problems when signing in to Skype," a Skype support page admitted. "There might be error messages about connection issues or incorrect credentials."

Microsoft's spokespeople were similarly vague when pressed for comment, but alleged the problem is limited to a small number of customers.

"We’re working to resolve a two-factor authentication issue for a small number of people," a Microsoft rep told The Register. "In the meantime, users can find a workaround and status updates at support.skype.com."

It's funny that Microsoft says this two-factor authentication cockup affects a "small" number of people – generally only a small number of netizens bother with two-step verification.

Microsoft has been working to better integrate Skype into its product lineup in recent months, bundling the VoIP app with its Cortana virtual assistant and trying out Signal for some encrypted communications.

Skype was also recently updated to mitigate an exploitable vulnerability in Electron, a Chromium framework for desktop apps. Microsoft's next scheduled security-related updates isn't until February 13's Patch Tuesday. ®


Other stories you might like

  • Start using Modern Auth now for Exchange Online
    Before Microsoft shutters basic logins in a few months

    The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

    In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.

    "Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."

    Continue reading
  • Microsoft gives its partners power to change AD privileges on customer systems – without permission
    Somewhat counterintuitively, this is being done to improve security

    Microsoft has created a window of time in which its partners can – without permission – create new roles for themselves in customers' Active Directory implementations.

    Which sounds bonkers, so let's explain why Microsoft has even entertained the prospect.

    To begin, remember that criminals have figured out that attacking IT service providers offers a great way to find many other targets. Evidence of that approach can be found in attacks on ConnectWise, SolarWinds, Kaseya and other vendors that provide software to IT service providers.

    Continue reading
  • FabricScape: Microsoft warns of vuln in Service Fabric
    Not trying to spin this as a Linux security hole, surely?

    Microsoft is flagging up a security hole in its Service Fabric technology when using containerized Linux workloads, and urged customers to upgrade their clusters to the most recent release.

    The flaw is tracked as CVE-2022-30137, an elevation-of-privilege vulnerability in Microsoft's Service Fabric. An attacker would need read/write access to the cluster as well as the ability to execute code within a Linux container granted access to the Service Fabric runtime in order to wreak havoc.

    Through a compromised container, for instance, a miscreant could gain control of the resource's host Service Fabric node and potentially the entire cluster.

    Continue reading

Biting the hand that feeds IT © 1998–2022