Posted on 05/03/2025 10:38:56 AM PDT by Openurmind
Microsoft is optimistic that our reliance on passwords is coming to a close.
Microsoft is once again moving closer to a passwordless future.
In a bold step toward embracing passkeys – which uses cryptography to better protect data from hackers and phishing scams – new Microsoft accounts will now be passwordless by default. Instead, the company will issue a prompt to set up passkeys as part of an effort to make the process more secure.
The need to get a better grasp on password protection comes at a time when many big tech companies are pushing to eliminate passwords altogether. Apple rolled out passkeys as part of iOS 16 in 2022, followed by Google, which allows people to sign in to Google and other popular accounts such as Amazon, WhatsApp and PayPal via fingerprint, face scan, PIN or pattern using a device's lock screen.
Now when a new Microsoft user attempts to enter a password and set up a "one time code" on their account, the company will prompt them to sign in with the code instead of the password and then encourage them to enroll a passkey. When they visit again, they'll be prompted to sign in with the passkey – not a password. Meanwhile, existing users can visit their account settings to delete their password.
(Excerpt) Read more at cnet.com ...
“Any secure site uses https:// (extension of the HTTP communications protocol to support TLS encryption), so the entire transmission is encrypted.”
True. But that is for the communication. If the communication is not encrypted, the password is sent with no encryption.
“I made the grave mistake of signing onto HP’s automatic printer ink delivery program, which detects when your ink is low and sends it to you before you need it—NEVER, EVER do this”
I have been on the program for years. Zero problems.
“And WITHOUT their phone.”
I know, the dependency really is a serious problem. It is going to become too complicated for a lot of folks to even use and they will just give up computing altogether. They are making it too complicated and a lot of trouble.
It reminds me of moving a site one time from one domain name to another even on the same hosting. It would not let me log into both from the same box so I had to fire up two boxes, one in each cPanel directory to download and transfer files from one to upload into the other.
They had just implemented “Device Recognition” security. So every time I went into one cPanel it would remember that device was accessing their server in whole. But when I went to work in the other cPanel it would kick me out and make me do an email passcode reset on that one to access that cPanel from a different device it now saw.
I had to do this email reset back and forth through the whole operation to get it all moved over. What should have been an hour turned into six hours. When I got that done I quit their hosting service because it was WAY too over zealous with security. It was so secure that even me the customer could not use it.
And that is what they are going to do here, they are going to “secure” everyone right out so even the pseudo-owner can’t even use it or even want to use it...
You're not alone.
Always worshiping the Beast..
Type in your password - as usual.
Then, submit it by pressing your passkey?
See #38... That is an encrypted Passkey. The problem is it has to be stored in another device. Phone, USB device...
See #38 and #47. :)
Please see See #38. It is an encrypted key code you have to keep and store on a second device like a USB key device or phone.
“This isn’t about Microsoft it’s about Windows and software licensing.”
And they both suck and borderline on Criminal business practice. :)
If it is my machine and I have to pay to get it fixed then it is my problem. I can break it if I want to, it is SUPPOSED to be MINE. It should belong to me not perpetually to Microsoft...
The better way to not have to bother with Microsoft Accounts passwords is to not have anything to do with Microsoft.
Of course that is the ultimate cure. :)
This idea is being pushed everywhere. Even some retail websites keep pushing fingerprint or facial recognition. Today, I called my ISP, and it said it’s using ‘biometric verification’ now and asked if I want to switch to voice recognition. I screamed NO into the phone, but I wonder whether they go ahead and create the voice recognition, anyway.
I wouldn’t do business with any of them. I draw the line at this enslavement technology. They are going overboard. All that is going into a database that can be hacked and stolen just like any other data but it is now just even more credible for the thief to use... I won’t even give my phone number to retailers. I will go somewhere else or live without it first. We need to stop capitulating to this and accepting this or it will not just become mandatory, the next step will be physically chipping us like an owned pet.
I just read a long article explaining what a passkey is. I still have no idea.
And I was an IT professional before I retired.
So a passkey is just a really long password that no one can remember so you have to copy-paste it from a text file instead, and can therefore only login from one device, unless you’re emailing or texting this really long password to yourself on another device.
Microsoft will follow your every move. Windows 11 takes snapshots of everything you do. They say they store this info on your pc only. This I doubt!
“So a passkey is just a really long password that no one can remember so you have to copy-paste it from a text file instead.”
Well kind of. It is stored in digital format rather than text. And can be read wireless with bluetooth using the proper utilities from a phone. Think “Syncing” a mobile device with your computer, or needing a physical USB device to plug in that has the matching digital key. You are not getting in without one or the other so now it is completely dependent on that second device to access your system at all.
A good comparison would be a digital keycard for a Motel room. You insert the card and the computer reads the chip and if the encrypted digital key string matches it will open. Or like bank cards that let you purchase an item securely with just a “tap” close to a wireless bluetooth device. The paypoint reads your account viability from the card and approves the purchase or not. So same with keypasses, either wirelessly or physically it reads the digital key (chip) from a second device and unlocks your system for you.
But here is the problem... What if you lose your second device with the key on it? Or if it fails for some reason? It would be just like losing your digital motel keycard. You are going to be locked out until you go through a BUNCH of work to get back in if EVER AGAIN. And if you contact management (Microsoft) and they can let you back in then what does this say about how private it is from MS? If they can still get in your system then it is not yours or private and they are now your landlord (motel keeper).
And if even they can’t help you get in then you are screwed and everything on that computer is gone and it is bricked. This dependency on a second device is a problem. This new feature should be optional not mandatory by default as MS has planned. A lot of us don’t even need that kind of security. It is overkill for most and unneeded.
And here is the cherry on top. To make an encrypted key on a smartphone it will probably require a fingerprint scan and facial recognition. Heard this concept before?
“Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead, so that no one can buy or sell unless he has the mark”
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.