New
#1
See also:
New Windows 10 Insider Preview Fast Build 18309 (19H1) - Jan. 3 Insider - Windows 10 ForumsSigning in to Windows with password-less Microsoft accounts on all Windows editions
'The next version of Windows 10 will support passwordless Microsoft accounts. Microsoft will just text a code to your phone number when you sign in. It’s all part of Microsoft’s stated goal: “a world without passwords.”
...Here’s how it works: You can now create a Microsoft account without a password. Instead, you just provide your phone number. ...
...Simply go to Word and sign up with your phone number by entering your phone number under “Sign in or sign up for free”...'
Source: Microsoft Wants to Kill Passwords, Starting With Windows 10
MS wants a "world without passwords." And, your phone number.
See also:
New Windows 10 Insider Preview Fast Build 18309 (19H1) - Jan. 3 Insider - Windows 10 ForumsSigning in to Windows with password-less Microsoft accounts on all Windows editions
Hi there
@Bree
passwords are fine -- better might be a phrase.
I just hope they don't go in for these biological things -- I've seen too many gory Hollywood movies where eyes, fingers etc are removed to poodlefake the sensor devices to overcome the access. !!!
Phone access is also no good -- what happens if you are in a place with no signal - in any case why should one have to carry a mobile phone all the time -- I'd suggest one day a week away from mobile phones, facebook, twitter etc. And in any case why should I divulge my phone nr to any 3rd party.
Cheers
jimbo
Twitter security flaw uses text spoofing to hijack UK accounts
Nuh, thanks MS, I will keep using my 100+ characters long passwords.
Indeed, besides, a password can be easily changed, but people can not change an eye or a finger, once it gets spoofed. Biometrics is just data, like anything else, once it leaks, it is pretty much game over.
Nowadays, when people ask for advice for better password construction, I recommend to skip the upper or lower scripts and strange characters and just go for a long or very long sentence, which is easier to remember and, I understand, takes longer to crack by brute force.
Indeed, besides, a password can be easily changed, but people can not change an eye or a finger, once it gets spoofed. Biometrics is just data, like anything else, once it leaks, it is pretty much game over.
Yep, and there's the digit-clipping or eye-gouging possibility, which becomes likely when the stakes are high enough or the perpetrator is crazy enough.
Asides from SMS based authentication and/or 2FA based on SMS having its own security issues, installation of Windows 10 not withstanding...
Installing Windows 10 with local account still remains and option, correct?
Last edited by Cr00zng; 05 Jan 2019 at 09:07. Reason: Clarity...
Hi there
Cloud Cuckoo Land !!!
not everybody wants to be on the Internet all the time -- in any case LOW TECH can often defeat far superior technology etc
Even with a yet to be built quantum computer you can't decode (mathematically proven) a 1-time pad code !! and while emails etc can be intercepted / followed -- I doubt if even the entire resources of the USA's F.B.I could track a piece of mail once dropped into an old fashioned snail mail box of U.S Postal service !!!.
Drones also can for example be tracked -- but try a bit of old fashioned falconry or pigeon carrier -- people of devious means and minds can always defeat high tech even if it means using techniques from previous centuries.
I'll pass on the cloud stuff -- OK for businesses etc who want to outsource their I.T stuff but for me --no thanks.
Cheers
jimbo
Well, most people do have ten fingers , but I get your point...
Password based authentication built-in to the OS and as such, there's no additional cost. The SMS based 2FA authentication extends password based authentication, via an existing "infrastructure" such as cell networks and smartphones. These are the two most popular authentication options, due to no additional financial impact for the end user. Security implication be damned...
In my view, password based authentication is getting beat up for the lack of OS security.
Take the client systems for example. If the device is exploited does it really matter what the authentication solution on this device? I think not...
How about servers, more pointedly authentications server. If the server is exploited, does it really matter what the password strength, or the type of other password authentication is? I think not...
Shouldn't the underlying OS be secured, prior to relying on biometric authentication? To you point, would it make a difference for an exploit to steal password hash, or biometric data files? I think not...