Revealed! Crucial detail that Windows 10 privacy critics are missing

Kari · 07 Mar 2016

Frisco said:

Yeah the "misusing the data" they collect is the far fetched concern. The "what if" on being hacked is still a slim possibility, but we've seen huge hacks in the recent past.

In particular I was surprised to see the "inking" default set to on. "Inking" and keystroke and all that adds up to passwords and anything else we input to our machines using this OS.

If some of the major players like Microsoft, Google and such would one day be hacked and user credentials stolen, those users who have not set up multi factor authentication and had their accounts accessed would only have themselves to blame.

I have no worries. If someone gets my MS account email and password, they are pretty much useless. I have the two-step verification set up, you can do nothing with password only. To get to my email account, OneDrive, any personal information you also need access to my mobile phone or my home phone to get the verification code.

You cannot access my account and see my information at outlook.com, onedrive.com, live.com or any of the other MS sites without a verification code. You cannot reset my password nor can you change any of my information; for that you would first need one verification code to sign in and see my information, then another code to change the information. You cannot set up a Windows user account using my MS account without a verification code.

Being afraid about a possible hack to MS servers is as far as I am concerned pretty much a useless fear. We consumers have to trust some basic things, for example you don't stop flying because some planes do not reach their destination. Of course not, you continue flying because you know it is by far the safest mode of transportation. Not the best metaphor but you get my point.

dencal · 07 Mar 2016

Fully agree Kari...my last verification code to my personal phone consisted of seven numbers and these change constantly.
The odds of cracking that....zillions to one.

groze · 07 Mar 2016

I personally think it is silly to require a mobile phone to log in to an account. That why we closed our yahoo accounts. At least Microsoft allows you to use another email as verification instead of a mobile phone. Facebook still allows account without mobile verification but they bug you about it. Google still allows accounts without mobile verification but they bug you about adding a mobile number. Twitter no mobile number needed at all.

Kari · 07 Mar 2016

groze said:

I personally think it is silly to require a mobile phone to log in to an account.

What a statement that is! Respecting the forum rules I cannot express my honest opinion but Oh S***!

What could be safer and easier? When on the road, the mobile is always with me; when stopping by in a pub or Internet Café, when at airport or hotel, when visiting friends, whenever I want to / need to check my email, I can use any PC to sign in, enter my verification code from my mobile phone, and be safe. OF course I can use my email, OneDrive and stuff also on my mobile but I am talking about situations you'd prefer a real computer but do not have your laptop with you.

When leaving, I sign out and that's it. No worries that the next user of that PC gets in to my account.

dencal · 07 Mar 2016

It does not only have to be a mobile phone, home phone is also possible.

Kari · 07 Mar 2016

dencal said:

It does not only have to be a mobile phone, home phone is also possible.

Yes, of course. And even with a mobile phone you can still select if you want to receive the verification codes by text messages or a phone call.

I use a Windows Phone and the Microsoft Authenticator app, to be able to get the codes even in rare occasions when I do not have any network coverage or the phone is for any purpose in flight mode.

groze · 07 Mar 2016

Kari,

Keep in mind not everyone has mobile phone. I have a non smart pre-paid phone that cost per text & per call (10 cents a minute). I use page plus minute plan. We today's economy I am not ashamed to use it.

I am not sure if you could still use Thunderbird email program to check your Microsoft outlook.com if you have two step verification turned on.

Actually, you need more then just two step verification to work. What happens if the mobile phone get stolen or lost or quits (My mobile died) you won't be able access your email or account. At least for Microsoft you can change it but you have to wait 30 days before you can fully use it.

dencal,
I know that. Most places do allow home phone number because some don't have a mobile & some use VOIP. Once yahoo allows home phone number again, I may sign up again.

Kari · 07 Mar 2016

groze said:

Kari,

Keep in mind not everyone has mobile phone.

I was not telling that everyone should have a mobile phone. Of course I know and fully understand that not all people want it.

My reply to you was based on this utterly **(¹) and ******(¹) comment of yours about it being silly to use mobile phone for added security:

groze said:

I personally think it is silly to require a mobile phone to log in to an account.

That being said, let's move on:

groze said:

I have a non smart pre-paid phone that cost per text & per call (10 cents a minute). I use page plus minute plan. We today's economy I am not ashamed to use it.

First, any mobile phone can be used for security verification code texts and calls. It does not has to be a smart phone.

Once again I admit my lack of knowledge about the US phone systems but it sounds very odd in my ears that you'd need to pay for the incoming text messages and calls? All MS, Google, PayPal and so on security verification codes come automatically to your phone when you have enabled the feature and entered your password on a sign-in page, without you needing to send a single text or make a call.

In Europe that would be forbidden and impossible, MS or the phone company to charge you for the incoming text or call.

Kari

(¹) = Censored in accordance to the forum rules.

Frisco · 07 Mar 2016

Some good reading in this thread.

But sometimes it seems that a germ of concern in this subject is being exploited a bit by both sides, while in the middle somewhere is common sense. I'm hoping that my position is in that common sense area. Maybe I'm mistaken about that. My position being that Microsoft should dedicate more user choice and have it "out front" as choices. In a way some of it is during installation. They did change it a bit with different builds.

But it took public outcry. So, without that outcry what would users be left with? All I know is that I'm uneasy with some of what they're doing, thus my default OS being Manjaro and my default browser being Tor.

For now we do have those choices of OS. No thanks to Mr. Gates who saw to it early on that Suse and Red Hat could not sit next to Windows 98 in Best Buy, etc.

Winuser · 07 Mar 2016

OK' I'll admit I'm stupid so I have to ask. What does MS collecting user data have to do with someone's MS account?