Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Now Lets You Log Into Outlook, Skype, Xbox Live With No Password (cnet.com)

Posted by msmash on from the interesting-updates dept.

You and 800 million other people now can use hardware authentication keys -- and no password at all -- to log on to Microsoft accounts used for Outlook, Office 365, OneDrive, Skype and Xbox Live. From a report: Microsoft is using a technology called FIDO2, which employs hardware keys for the no-password logon, the company said Tuesday. New versions of Microsoft's Windows 10 operating system and Edge web browser support the technology. The hardware authentication keys plug into laptop USB ports or, for phones, use Bluetooth or NFC wireless communications to help prove who you are. Initially, they worked in combination with a password for dual-factor authentication, but FIDO2 and a related browser technology called WebAuthn expands beyond that to let the company ditch the password altogether.

Microsoft's no-password logon offers three options: the hardware key combined with Windows Hello face recognition technology or fingerprint ID; the hardware key combined with a PIN code; or a phone running the Microsoft Authenticator app. It works with Outlook.com, Office 365, Skype, OneDrive, Cortana, Microsoft Edge, Xbox Live on the PC, Mixer, the Microsoft Store, Bing and the MSN portal site.

60 comments

  1. APK Hosts File Engine for Windows... apk by Anonymous Coward · · Score: -1

    See subject: APK Hosts File Engine 11.0++ 64-bit for Windows h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r W i n d o w s . z i p

    Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!

    Vs. "Bolt on 'MoAr' illogic-logic" slowing u hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploit!

    * ONLY 1 of its kind in GUI 4 Windows & supports port filters!

    APK

    P.S.=> Protects vs. all speculative execution exploits + scripts/trackers (faster vs. NoScript @ kernelmode level)/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware/malcript/email malicious payloads... apk

  2. This will end badly by Anonymous Coward · · Score: 1

    Guaranteed

    1. Re:This will end badly by ichthus · · Score: 3, Funny

      Comeon! If anyone can pull this off, it's Microsoft -- MASTERS OF SECURITY!
      </sarcasm>

      --
      sig: sauer
    2. Re: This will end badly by Anonymous Coward · · Score: 1

      What is so wrong with the FIDO spec? Passwordless, asymmetric authentication is absolutely the future and the right thing to do. Are you so blinded by Microsoft hate that you are unable to see this?

    3. Re: This will end badly by Anonymous Coward · · Score: 0

      Lul

    4. Re: This will end badly by bobstreo · · Score: -1

      What is so wrong with the FIDO spec? Passwordless, asymmetric authentication is absolutely the future and the right thing to do. Are you so blinded by Microsoft hate that you are unable to see this?

      You totally forgot the /s tag at the end of your satire.

    5. Re:This will end badly by jellomizer · · Score: 2

      But we do this all the time with SSH preshared keys.
      This isn't anything really new. The only thing that I don't expect Microsoft to realize is that still in 2018 There is still hardware that we share with other people.

      There is still often the Family PC, while the individuals may have a tablet or phone, for their small time computing.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    6. Re: This will end badly by Anonymous Coward · · Score: 0

      Are you some kind of moron-savant? Microsoft could fuck up toast.

    7. Re: This will end badly by Crash+Dummy+Redux · · Score: 2

      Looks like FIDOnet is still a thing after all these years.

    8. Re: This will end badly by Anonymous Coward · · Score: 0

      Mod this MOTHERFUCKING SHITMOTH

      DOWN!!!!

      It's just Chris Reimer with another sock pocket...

    9. Re: This will end badly by Aighearach · · Score: 2

      No, Idiots who can't say something comprehensible should probably shut up, instead of adding notations.

      Stop asking reasonable people to add unreasonable notations so that they can impersonate the babbling of morons.

    10. Re:This will end badly by AlanBDee · · Score: 1

      I haven't looked into it but you should be able to register multiple keys. I have three yubikeys linked to LastPass, my google account and anything else that I can link them to. My wife keeps one, I keep one and my safety deposit box keeps one. Of coarse, these aren't meant to replace a password, just augment it.

    11. Re:This will end badly by JMJimmy · · Score: 2

      I'll keep my password thanks Microsoft

    12. Re: This will end badly by WaffleMonster · · Score: 2

      What is so wrong with the FIDO spec?

      It's redundant, client certificates have been widely deployed for decades, achieve the same result, are standardized and cheaper (both in terms of software and hardware solutions).

      What is most wrong with it is that USB is used instead of a dedicated interface such as a smartcard reader. USB is a massive attack vector. For it to be required for basic authentication in my view is irresponsible at best. Someone replaces your USB key when you are not looking and when you plug it in next it's a HID that executes shell commands to install a RAT or it's a class device that takes advantage of driver vulnerability to root your system. Attack surface of USB is gargantuan.

      Security sensitive environments explicitly restrict USB for a reason. Turning around and requiring it for access is brain-dead stupid.

      Passwordless, asymmetric authentication is absolutely the future and the right thing to do Are you so blinded by Microsoft hate that you are unable to see this?

      I don't view your assertions as valid on their face.

      The selection of any single factor (know, have, are) or chaining of one or more for authentication each have their strengths and weaknesses. It's generally a good thing that more methods are made available so people and organizations can chose options that best fits their needs based on careful consideration of requirements and tradeoffs.

      There is no panacea. There is no one solution. The idea the "future" is necessarily dominated by what you have or considered "the right thing to do" is not apparent to me at all.

  3. FIDO my butt... GAYpk by Anonymous Coward · · Score: -1

    First Into my Dick Orifice... GAYpk

  4. Office Dongles by xxxJonBoyxxx · · Score: 0

    >> hardware authentication keys...Microsoft accounts used for Outlook, Office 365

    That smells like an "Office dongle" to me. Thank God the world is moving on to Google Docs as their default office suite.

    1. Re:Office Dongles by Anonymous Coward · · Score: 5, Interesting

      The FIDO2 standard is managed by the FIDO Alliance, and it has a number of cheap and popular dongles (including Yubikey).

      As far as 2FA goes, FIDO has more universal support than Smart Cards---no kludgy 3rd-party middleware required for it to work.

      This is what everyone should support. And as an added bonuses, wider adoption will make it very difficult for Microsoft to hijack the standard. Not likely to happen at present anyway though.

      (AC because of moderation)

    2. Re:Office Dongles by Anonymous Coward · · Score: 0

      That's not what this is. It finds EXISTING keys in your EXISTING H/W. There's no removable dongle, it's hard baked - which is a problem once attackers snarf up your keys, you can't easily change them like dongles.

    3. Re: Office Dongles by Anonymous Coward · · Score: 0

      What the fuck is wrong with you? This is FIDO2, there is no existing key until you generate one.

    4. Re:Office Dongles by DarkRookie2 · · Score: 2

      A small, easily loseable device that is $50 isn't cheap.

      --
      http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
    5. Re:Office Dongles by Darkk · · Score: 2

      If you are referring to Yubikey then yes. There are plenty of FIDO2 keys that are under $20.

    6. Re:Office Dongles by DarkRookie2 · · Score: 0

      If they want to replace the passwords with this, they really should be free.
      M$ and the rest can certainly afford it.

      --
      http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
    7. Re:Office Dongles by Anonymous Coward · · Score: 0

      Then shut up and type your password you cheap ass

    8. Re:Office Dongles by WaffleMonster · · Score: 1

      As far as 2FA goes, FIDO has more universal support than Smart Cards---no kludgy 3rd-party middleware required for it to work.

      No it doesn't. Smart cards have been widely used for approaching two decades.

      The FIDO2 standard is managed by the FIDO Alliance, and it has a number of cheap and popular dongles (including Yubikey).

      Which ones are cheaper than a smart card?

      Hell I'll make it even easier. Which ones are cheaper than the cost of a smart card reader AND a smart card?

      This is what everyone should support.

      Can you support your position? Why should I support this system when I already support smart cards / client certs? What's the benefit?

      And as an added bonuses, wider adoption will make it very difficult for Microsoft to hijack the standard. Not likely to happen at present anyway though.

      There is already a standard. You have failed to offer a compelling reason why a new one is necessary or beneficial.

    9. Re:Office Dongles by Anonymous Coward · · Score: 0

      I'm just going to say it:

      "Here FIDO, Here FIDO! Ohhhhh, you brought me someone else's bank account? Who's a good boy, Who's a good boy? You are, yes you are." *Snuggles*

    10. Re:Office Dongles by Anonymous Coward · · Score: 0

      Yep. MS will surely make this a service with monthly fee, yet user must watch a advertisement while performing a login. And they still copy and sell the keys devices contain and eventually of course delete the keys on some broken Windows 10 update. This is a new MS after all; greedier than ever and now without any QA department.

  5. And it turns out... by Anonymous Coward · · Score: 0

    ...that it only works with the Official Microsoft Authentication Key, which is a flash drive with a text file that says "ok i'm real now log me in plz kthx".

  6. Is This Why... by Anonymous Coward · · Score: 0

    Is this wonderful new feature the reason why the global MFA system was down yesterday?

    It's a bit ironic that on one day, no one can login and on the next day, you can login without a password. w00t!!!

    I'd be pretty happy is they held off on the new features and just improved the uptime/availability.

  7. FUCK! SELL!! SELL!!! SELL!!! by Anonymous Coward · · Score: -1

    The money is going POOF!

  8. Synergies of shit by PingSpike · · Score: 5, Funny

    It works with Outlook.com, Office 365, Skype, OneDrive, Cortana, Microsoft Edge, Xbox Live on the PC, Mixer, the Microsoft Store, Bing and the MSN portal site.

    Now that they've finally sorted all the garbage into one convenient bag, all that is left to do is haul it out.

  9. Oh Nice by Anonymous Coward · · Score: 0

    So here's where Chrome did that - https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html

    Here is each actual commit - https://chromium.googlesource.com/chromium/src/+log/66.0.3359.181..67.0.3396.62?pretty=fuller&n=10000

    And if you have a bug or problem, you just submit it here - https://bugs.chromium.org/p/chromium/issues/list

    So fantastic that these things are working because of people and processes like this. It's great that people who ARE PAID TO WORK THIS WAY can build companies like Google and Amazon and Microsoft.

  10. IMPERSONATING ME AGAIN? apk by Anonymous Coward · · Score: -1

    I've no version 11.0++ & gweihir KNOWS u IMPERSONATE me https://it.slashdot.org/commen... c6gunner proves it https://linux.slashdot.org/com... he forgot to SUBMIT as AC & using his registered 'lusrname' instead (because he tried to mock me both BEFORE & after I FAIRLY challenged him to show he's done better work - he had ZERO).

    YOU HELPED ME https://science.slashdot.org/c... (& you quit trying to make me look bad trying to "tell lies" on hosts as "ME" IN YOUR IMPERSONATIONS of me e.g. https://tech.slashdot.org/comm... as regards Intel speculative execution attack? Hosts PREVENT 'EM)

    APK

    P.S.=> I KNOW the 2nd to last link above's KILLING YOU - YOU ACTUALLY HELPED ME getting me to see if hosts stop more than portsmash (& Meltdown + Spectre too) & "lo & behold" - hosts WORK on 'em - U LOSE (& U STOPPED TRYING IT in your impersonations of me) .... apk

    1. Re:IMPERSONATING ME AGAIN? apk by Anonymous Coward · · Score: 0

      I tried installing, and Microsoft warns me that it is bad and unsafe software. I don't think I want bad software on my computer, do I?

      Also Microsoft technical support called, told me I have a virus and charged me money to remove it. Is this because I tried to install this bad file? Is my computer broken now? I would be lost without my AOL.

  11. No password, but... by BringsApples · · Score: 3, Insightful

    Microsoft's no-password logon offers three options: the hardware key combined with Windows Hello face recognition technology or fingerprint ID; the hardware key combined with a PIN code; or a phone running the Microsoft Authenticator app.

    So if I understand this, they've replaced the need for a password, with the need for a piece of hardware mixed with 1 of 3 other requirements. How is this better? Hell, they could have simply require any pair of the 3 other requirements and leave the hardware key out.

    --
    Politics; n. : A religion whereby man is god.
    1. Re:No password, but... by Anonymous Coward · · Score: 1

      The key bit would be the hardware key itself; you can spoof the password, fingerprints, or a pin, but without the hardware key it's not terribly useful. In theory it's also easier to detect if you loose a piece of hardware then it is if someone's gotten a password from you.

      There's plenty of other problems with the approach (what happens if you loose or damage the key?) but it has it's upsides.

    2. Re:No password, but... by BringsApples · · Score: 0

      If simply 'adding security items to login requirements' is the way to increase security, then maybe better bank security can be gotten from simply putting the bank's vault inside a slightly bigger vault. Ooo, better yet, put THAT vault inside a slightly bigger vault, too! Wait, I have a better idea, put THAT vault in a slightly....

      --
      Politics; n. : A religion whereby man is god.
    3. Re:No password, but... by Anonymous Coward · · Score: 0

      It's better because of how U2F works there's no way to grab the key from the hardware which makes it a lot harder to spoof authentication--you'd have to find a weakness in the challenge response system. Now if we could get rid of security questions and tech support password resets which are a massive backdoor for attack, we'd be in a much better situation. I honestly massively congratulate Microsoft for pushing this. I'd argue the "no password" variation is not great, but anything that moves towards U2F becoming more common is a massive improvement.

    4. Re:No password, but... by BringsApples · · Score: 1

      there's no way to grab the key

      Yes there is. Simply grab it while they're in the bathroom. Or, while. they're. doing. anything. else? The physical key is literally the EASIEST thing to grab.

      --
      Politics; n. : A religion whereby man is god.
    5. Re:No password, but... by Anonymous Coward · · Score: 1

      Even better, I can't wait to drop my hardware device, break it, and then be locked out of everything until I get a replacement.

      Hard pass on this.

    6. Re:No password, but... by Anonymous Coward · · Score: 2, Informative

      I think you're misunderstanding.... The most common hack isn't a technological one but rather social based. For example:

      1) The person uses a weak password, either something like 'password' or their birthday.

      2) The person is tricked into entering their credentials into a spoofed or compromised application which relays the password.

      3) People tend to reuse login credentials, so if a password on a weakly secure site is compromised, then the password on a properly secured website is also compromised.

      FIDO2 and hardware keys get around the issue by not using passwords but instead by using public key infrastructure. In a PKI setup, there are two halves to the security, the public key and the private key. The public key you give out freely and it can live in the website's database you want to login to as plain text. It doesn't matter if it gets compromised, anyone can see it and it doesn't matter.

      The beauty of it is something called asymmetrical encryption; you can encrypt a message with the public key but only the private key can decrypt it. So to authenticate a user:

      1) The client says, "I'm user 'john'" to the server

      2) The server looks up john public key, and encrypts a nonsense random message with the john's public key, and transmits that back to the client.

      3) The client gets the encrypted message, but it can only decrypt it with the private hardware key. The client then sends back the decrypted message to the server.

      4) The server looks at the response and if it's the message that it sent as encrypted, it can be reasonably certain that the client talking to it has the private key.

      This setup is a lot more secure because no passwords are stored on the server's database, meaning that a breach in the server side leaks considerably less. It also eliminates weak passwords as a potential breaching point.

      This doesn't negate the possibility of a Man in the Middle attack (you need mutual authentication, the server to the client and the client to the server, which gets really complicated for key distribution), but it does eliminate the major sources of lost credentials. Like I said though, it introduces problems of it's own though.

    7. Re:No password, but... by bdh · · Score: 1

      So if I understand this, they've replaced the need for a password, with the need for a piece of hardware mixed with 1 of 3 other requirements. How is this better?

      For the typical slashdotter, who already knows about 2FA, PGP, an IPSec, and has a password wallet, it won't be.

      For a more typical mundane user, whose current password for the phone, the PC, the bank, and every web site is her dog's name/his favourite sports bar and maybe his/her birth year after ("to make it secure"), having a piece of hardware and using a biometric or PIN is a lot more secure. It's not better because the hardware key and a 4-digit pin are more secure than a 64 character password. It's better because because it's more secure than the painfully poor security practices that most mundanes use in real life.

      There are more secure options out there for security. But the key for most end users is getting them to actually use the damned thing. Most people simply don't follow good security practices. This allows them to, without requiring them to make much effort, and they don't have to memorize anything.

    8. Re:No password, but... by WaffleMonster · · Score: 1

      think you're misunderstanding.... The most common hack isn't a technological one but rather social based. For example:

      1) The person uses a weak password, either something like 'password' or their birthday.

      2) The person is tricked into entering their credentials into a spoofed or compromised application which relays the password.

      This is only possible because the Internet is addicted to insecure authentication protocols. Universally PLAINTEXT passwords transmitted via TLS. This is a ridiculous and insane practice that puts millions of users at unnecessary risk.

      If you use secure authentication protocols (e.g. PAKE) it doesn't matter who is on the other end. Not only will the attacker not get anything when you try and login to their system you will get an immediate indication they are not who they claim to be.

      3) People tend to reuse login credentials, so if a password on a weakly secure site is compromised, then the password on a properly secured website is also compromised

      It doesn't have to be this way if secure authentication protocols and associated interfaces are adopted. Stored augmented verifiers can be made site specific even if the user themselves use same ones everywhere.

      FIDO2 and hardware keys get around the issue by not using passwords but instead by using public key infrastructure. In a PKI setup, there are two halves to the security, the public key and the private key. The public key you give out freely and it can live in the website's database you want to login to as plain text. It doesn't matter if it gets compromised, anyone can see it and it doesn't matter.

      This setup is a lot more secure because no passwords are stored on the server's database, meaning that a breach in the server side leaks considerably less. It also eliminates weak passwords as a potential breaching point.

      So much of security is a shell game. People are constantly punting responsibility to this or that and come to believe the issue no longer exists. Most of the time the issue is still there it's just hidden, changed or the problem is defined away by scope or framing of competing system.

      In this case the server is still guarding it's private key for server authentication and compromising it is game over same as compromising password database.

      It is fundamentally misguided to treat public keys as just another field in a database that doesn't matter if it gets compromised. It's critically important for authenticating the user. If an attacker can replace it then the attacker gains access as that user.

      In the end backend security isn't appreciably changed. Servers still guard secrets and the penalty for failure to keep them secure is mission failure.

      The security of end users WRT "know" vs "have" should not be compared to worst possible current practices involving plaintext passwords transmitted via adhoc TLS protected web forms when new alternatives are discussed. It is context dependent.

      Some people may benefit from a hardware key because they are forgetful and live with low risk of physical attack.

      Others may have excellent memory, live with people they don't trust or in an environment with higher physical risks. There may be legal concerns WRT government ability to compel production of physical things.

    9. Re:No password, but... by Anonymous Coward · · Score: 0

      That is essentially what a bank vault is. Even though there is a vault, boxes in the vault also have locks, and the building has a doors that can also be locked.

    10. Re:No password, but... by Anonymous Coward · · Score: 0

      I meant by software, but yes it's possible to steal the physical key and then try to duplicate it that way, but it's made to be very non-trivial to actually retrieve the actual key on the hardware. If you take really long bathroom breaks, you should take the key with you (and it's one reason some models use NF communication so you never have to take it off your person). The real risk is what the other AC stated, a DoS attack. So unless that's the aim, duplicating the key is useless without also knowing the password. Although at that point, I think the risk is really that someone has physical access to your machine and can do nefarious things after you log in.

      Btw, most (all?) services allow you to revert U2F through special passwords if necessary, so that mitigates the DoS risk. Clearly, that's not perfect if DoS was caused by theft/destruction by someone who has physical access to your system, but again it's nearly impossible to protect against physical attack. At least in principle for most sorts of physical attacks against the key itself, you'll become aware of the attack. If it's at the point that you're worried about physical attacks, I don't think there's any real solution.

    11. Re: No password, but... by Anonymous Coward · · Score: 0

      FYI, most bank vaults are already triple nested.
      There is a bank with doors that lock.
      In that bank there is a gated area.
      In that area, there is a vault.
      The vault room is usually made of multiple layers of steel reinforced concrete, and the vault is multiple layers of steel.

  12. Not using FIDO2 until by DarkRookie2 · · Score: 2

    Until the devices are free. I am not paying $50 for a device that only exists because people are complete fucking morons about their passwords.

    --
    http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
    1. Re:Not using FIDO2 until by Anonymous Coward · · Score: 0

      I am not paying $50 for a device that only exists because people are complete fucking morons about their passwords.

      One, you can find U2F keys for $10. Two, the actual reason for the devices is because the "people [who] are complete fucking morons" are the various companies that hold your password and authenticate it. User/password breaches are incredibly common. Having a U2F makes those breaches a lot less damaging, at least as far as taking over that account or other accounts even if they use the exact same user/password. Until security breaches of companies are not a thing, U2F is a rather important element to increasing security.

    2. Re:Not using FIDO2 until by MrL0G1C · · Score: 1

      WTH? $50!! A USB key that does this shouldn't cost much more than a dollar, it does f*** all.

      But yes, this is not for people who don't know how to keep anything secure, this is security theatre for the morons who can't cope / are too lazy to set up good password management.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  13. Also: FIDO2 = NSA backdoor by Anonymous Coward · · Score: 0

    I remember when, during the NSA leaks and OpenSSL debacle, when it came out which encryption schemes and security standards were insecure, that "FIDO" repeatedly topped the list, above RC4. anything RSA, and of course ye ancient MD5/SHA1 et al.

    Basically, FIDO can be taken as a synonym for "limit security to only things that we can break".

    I'm not using FIDO anything. Ever.

  14. IMPERSONATING ME AGAIN? apk by Anonymous Coward · · Score: -1

    I've no version 11.0++ & gweihir KNOWS u IMPERSONATE me https://it.slashdot.org/commen... c6gunner proves it https://linux.slashdot.org/com... he forgot to SUBMIT as AC & using his registered 'lusrname' instead (because he tried to mock me both BEFORE & after I FAIRLY challenged him to show he's done better work - he had ZERO).

    & NO WAY I'd "cry" like you "ne'er-do-wells" on /. (TROLL /.ers, not all) OR post on hosts offtopic.

    YOU HELPED ME https://science.slashdot.org/c... (& you quit trying to make me look bad trying to "tell lies" on hosts as "ME" IN YOUR IMPERSONATIONS of me e.g. https://tech.slashdot.org/comm... as regards Intel speculative execution attack? Hosts PREVENT 'EM)

    APK

    P.S.=> I KNOW the 2nd to last link above's KILLING YOU - YOU ACTUALLY HELPED ME getting me to see if hosts stop more than portsmash (& Meltdown + Spectre too) & "lo & behold" - hosts WORK on 'em - U LOSE (& U STOPPED TRYING IT in your impersonations of me) .... apk

  15. IMPERSONATING ME AGAIN? apk by Anonymous Coward · · Score: -1

    I've no version 11.0++ & gweihir KNOWS u IMPERSONATE me https://it.slashdot.org/commen... c6gunner proves it https://linux.slashdot.org/com... he forgot to SUBMIT as AC & using his registered 'lusrname' instead (because he tried to mock me both BEFORE & after I FAIRLY challenged him to show he's done better work - he had ZERO).

    & NO WAY I'd "cry" like you "ne'er-do-wells" on /. (TROLL /.ers, not all) OR post on hosts offtopic.

    YOU HELPED ME https://science.slashdot.org/c... (& you quit trying to make me look bad trying to "tell lies" on hosts as "ME" IN YOUR IMPERSONATIONS of me e.g. https://tech.slashdot.org/comm... as regards Intel speculative execution attack? Hosts PREVENT 'EM)

    APK

    P.S.=> I KNOW the 2nd to last link above's KILLING YOU - YOU ACTUALLY HELPED ME getting me to see if hosts stop more than portsmash (& Meltdown + Spectre too) & "lo & behold" - hosts WORK on 'em - U LOSE (& U STOPPED TRYING IT in your impersonations of me) .... apk

  16. Until FIDO2 BSODs by Anonymous Coward · · Score: 0

    Didn't read the TOS did you?

  17. One fingered salute by Anonymous Coward · · Score: 0

    I suspect the boys from Bangalore have been playing with the authentication code and have broken it multiple ways. My windows 10 boxes will let me get a signon screen with 'press any key'... the three fingered salute is gone. One of my machines decided I should use a PIN and wont let me change it to the domain logon. And my main workstation STORE and FEEDBACK keeps losing my MS login so multiple signons just looking for something. But not to worry... STORE stopped downloading anything. Might almost be a nice OS if they stopped screwing with things and just made it work consistently. Windows 7 was the last version that just did its job. So I suspect that some PHB is trying to feature some problems they introduced by being more clever than their actual understanding. Another broken bit in an overly complicated mess.

  18. So Outlook.com, xbox & Skype just became insec by Anonymous Coward · · Score: 0

    Nice... i'll be closing my accounts. pronto

  19. Thank you Microsoft .. by najajomo · · Score: 1

    You and 800 million other people now can use hardware authentication keys .. Microsoft is using a technology called FIDO2, which employs hardware keys for the no-password logon

    Yet more bleeding edge innovation from the worlds most smartest and respectable software company. I wonder who nobody else thought of this sooner.

  20. IMPERSONATING ME AGAIN? apk by Anonymous Coward · · Score: 0

    I've no version 11.0++ & gweihir KNOWS u IMPERSONATE me https://it.slashdot.org/commen... c6gunner proves it https://linux.slashdot.org/com... he forgot to SUBMIT as AC & using his registered 'lusrname' instead (because he tried to mock me both BEFORE & after I FAIRLY challenged him to show he's done better work - he had ZERO).

    & NO WAY I'd "cry" like you "ne'er-do-wells" on /. (TROLL /.ers, not all) OR post on hosts offtopic.

    YOU HELPED ME https://science.slashdot.org/c... (& you quit trying to make me look bad trying to "tell lies" on hosts as "ME" IN YOUR IMPERSONATIONS of me e.g. https://tech.slashdot.org/comm... as regards Intel speculative execution attack? Hosts PREVENT 'EM)

    APK

    P.S.=> I KNOW the 2nd to last link above's KILLING YOU - YOU ACTUALLY HELPED ME getting me to see if hosts stop more than portsmash (& Meltdown + Spectre too) & "lo & behold" - hosts WORK on 'em - U LOSE (& U STOPPED TRYING IT in your impersonations of me) .... apk

  21. No Password Required by Anonymous Coward · · Score: 0

    as long as you have
    your face,
    your fingerprint
    or
    your phone,
    ready to prove you are who you say you are.

    You're F'd allright.

  22. Because most people are too stupid... by Anonymous Coward · · Score: 0

    ... to remember a passphrase. (I won't use the word 'password' because it encourages people to think of using short and insecure 'passwords'.)
    Most people are literally so stupid that they can't even remember a simple phrase like "Nominate andeating snails" or something like that. And they can't even write down passwords in a password book and keep it on their desk at home - too much to ask for most people. Hence we have these stupid workarounds because the majority of the human population are unfeasibly stupid.

  23. FidoNet? by Anonymous Coward · · Score: 0

    Oh, so the FidoNet is back now...

  24. I am APK the LORD of HOSTS by Anonymous Coward · · Score: -1

    I am APK the great "LORD of HOSTS", a.k.a. AlecStaar from ArsTechnica or Alexander Peter Kowalski.

    See subject & APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / I . a m . a . f u c k i n g / a s s h o l e . r e t a r d . z i p (remove spaces between characters & download).

    I am the godlike creator of various GUI front-ends for other people's configuration files.

    Watch as I claim I win every argument when in reality I know I lost but that won't stop me from proclaiming my victory.

    When presented with facts I rebut them with wild speculations, false support, and out of context quotes

    Mistaking mockery and parody for impersonation is how I think people flatter me because I can't possibly understand that they detest me.

    See me lash out at one person for 2 weeks straight and claim everyone who mocks my retarded ass is actually them.

    Bask in my debilitating mental illness

    I just don't understand why every site I post on everyone makes fun of me, it can't be because I am a shit stick but instead because they are all Ne'er-do-well SOYboy Jealous JOWIEs.

    Witness my descent into madness

    APK