See also:

Signing in to Windows with password-less Microsoft accounts on all Windows editions

New Windows 10 Insider Preview Fast Build 18309 (19H1) - Jan. 3 Insider - Windows 10 Forums

Hi there
@Bree
passwords are fine -- better might be a phrase.

I just hope they don't go in for these biological things -- I've seen too many gory Hollywood movies where eyes, fingers etc are removed to poodlefake the sensor devices to overcome the access. !!!

Phone access is also no good -- what happens if you are in a place with no signal - in any case why should one have to carry a mobile phone all the time -- I'd suggest one day a week away from mobile phones, facebook, twitter etc. And in any case why should I divulge my phone nr to any 3rd party.

Cheers

jimbo

TairikuOkami said:

Nuh, thanks MS, I will keep using my 100+ characters long passwords.

Nowadays, when people ask for advice for better password construction, I recommend to skip the upper or lower scripts and strange characters and just go for a long or very long sentence, which is easier to remember and, I understand, takes longer to crack by brute force.

Indeed, besides, a password can be easily changed, but people can not change an eye or a finger, once it gets spoofed. Biometrics is just data, like anything else, once it leaks, it is pretty much game over.

Yep, and there's the digit-clipping or eye-gouging possibility, which becomes likely when the stakes are high enough or the perpetrator is crazy enough.

TairikuOkami said:

For now, I give it another 2-3 years till MS finally moves to fully cloud OS. It is inevitable.

Hi there

Cloud Cuckoo Land !!!
not everybody wants to be on the Internet all the time -- in any case LOW TECH can often defeat far superior technology etc

Even with a yet to be built quantum computer you can't decode (mathematically proven) a 1-time pad code !! and while emails etc can be intercepted / followed -- I doubt if even the entire resources of the USA's F.B.I could track a piece of mail once dropped into an old fashioned snail mail box of U.S Postal service !!!.

Drones also can for example be tracked -- but try a bit of old fashioned falconry or pigeon carrier -- people of devious means and minds can always defeat high tech even if it means using techniques from previous centuries.

I'll pass on the cloud stuff -- OK for businesses etc who want to outsource their I.T stuff but for me --no thanks.

Cheers
jimbo

TairikuOkami said:

Twitter security flaw uses text spoofing to hijack UK accounts

Nuh, thanks MS, I will keep using my 100+ characters long passwords.


Indeed, besides, a password can be easily changed, but people can not change an eye or a finger, once it gets spoofed. Biometrics is just data, like anything else, once it leaks, it is pretty much game over.

Well, most people do have ten fingers , but I get your point...

Password based authentication built-in to the OS and as such, there's no additional cost. The SMS based 2FA authentication extends password based authentication, via an existing "infrastructure" such as cell networks and smartphones. These are the two most popular authentication options, due to no additional financial impact for the end user. Security implication be damned...

In my view, password based authentication is getting beat up for the lack of OS security.

Take the client systems for example. If the device is exploited does it really matter what the authentication solution on this device? I think not...

How about servers, more pointedly authentications server. If the server is exploited, does it really matter what the password strength, or the type of other password authentication is? I think not...

Shouldn't the underlying OS be secured, prior to relying on biometric authentication? To you point, would it make a difference for an exploit to steal password hash, or biometric data files? I think not...