Skip Navigation

Microsoft @lemdro.id

Nemeski @lemm.ee

2d ago

Microsoft goes passwordless by default on new accounts

www.theverge.com

Microsoft goes passwordless by default on new accounts

The Verge @sh.itjust.works

bot @rss.ponder.cat

2d ago

Microsoft goes passwordless by default on new accounts

www.theverge.com /news/659929/microsoft-passwordless-passkeys-by-default

3 comments

What's the motive here? Make it easier for security services to hack into our stuff?
The claim that this will enhance security does not seem credible.
Instead of an arbitrarily long password that would take a supercomputer longer than the age of the universe to crack, users will be limited to a 4 digit pin + publicly accessible biometric data with no expectation of that biometric data being private or secret.
I hope I'm misunderstanding the implications, because it seems like Microsoft isn't getting rid of passwords so much as limiting password length to 4 digits.
- The problem is that brute-forcing passwords hasn't been a thing for ages. It's all about phishing and social engineering now, something passwords can't protect against. It doesn't seem like they're pushing for pins as much as passkeys, which I much prefer using over other bandaid fixes like SMS 2FA (well, now that Firefox for Android properly supports using passkeys from Bitwarden. Before they fixed that, they were really obnoxious to use).
  
  SMS 2FA hasn't been valid MFA for a decade. It's junk and I wish organizations were ridiculed into improving.