Microsoft States It's Time to Kill Off the Password
Click here to post a comment for Microsoft States It's Time to Kill Off the Password on our message forum
JonasBeckman
Error?
Although I can understand having fingerprint, iris or face scan as a alternative if the system supports the tech, nothing wrong with having both though but obviously the password needs to be something besides abc123 and common terms ha ha.
anticupidon
Hilbert,the link points to no article.
I google it, and there are several sources to that title.
Ok, now on the topic .
Microsoft, by saying that impllies that you ought to use Windows 10,right?And Windows Hello was a few days ago fooled by a photo by SYS german security firm.I am not saying that this will stay that way and it will be improved, but opens a new can of worms:
What if:
I use my computer and my spouse on the same accoount?
Do i need to change my shaving habits in order to be accepted by Hello?
I may add facial tatoo or body piercings, or suffered facial wounds/scars, will it be accepted, or go back to the old deprecated password?
i can image this scenario: get a good photo of someone from social network, 3d print it, and fool Windows Hello.
mbk1969
We can add work in room without lights. Will facial recognition work in the dark room?
foxx1337
This, one thousand times. The face/fingerprint/iris/blood is the USERNAME and not the password. You would expect that someone from their "top 1% talent" in there would have had that common sense already, or maybe it's the project managers' idea and maybe those guys come from the toilet of intellectuality instead of the 1%...
mbk1969
As I take it MS adopted Agile and Scrum, so they have no project managers. They are feature owners and scrum masters now.
Evildead666
100% Agree.
Biometrics is a Username, NOT a password.
It identifies you, it cannot be used as a password, as it cannot be revoked or changed.
RzrTrek
That would make more sense, but then again, with all of the data mining going on, I rather not have them sell my fingerprints to the authorities.
bigfutus
Microsoft go home you're drunk.
schmidtbag
Is MS trying to commit suicide? How are their people so blind to the fact that this is going to heavily backfire?
I never thought about biometrics as just the username, but that is a good idea. As I've said before, facial recognition makes for terrible security, as do iris scanners and the touch-based fingerprint readers. Swiping fingerprint readers can be ok, as long as the device doesn't have glossy surfaces where your fingerprint can easily be extracted. Retinal scanners ought to be pretty safe, but, they're also inconvenient to the user. But if you use these things as a way to just simply identify yourself, that could be a good idea.
EDIT:
I wonder if having proper facial recognition in addition to simultaneous fingerprint scanning would make for decent security. It's not difficult to spoof one, but you have to be really prepared to spoof both at the same time.
D3M1G0D
Biometrics is undoubtedly useful. I use facial recognition on my Surface Pro 4, and I also use my fingerprint and/or iris to log into my phone (I only use the passcode after a restart, and only because it forces me to). It's a lot faster, more convenient, and it's probably more secure as well.
The fact is, most people use simple, common passwords, and never really change them. I too don't want to bother with remembering passwords, which is why I use a password manager. Biometrics will probably be a lot more secure overall (it's not entirely foolproof, but what is?).
schmidtbag
Useful, yes. Faster, debatable. Convenient, definitely. More secure, absolutely not (assuming you don't use idiotic passwords).
For the average layman on an everyday basis, sure, biometrics is probably a better route. But for anyone who cares about security, having a complex and lengthy password is more foolproof than your fingerprint, face, iris, voice, or DNA. Once you get to around 10 characters, a password isn't worth brute-force cracking anymore. Remember - just because the computer doing the hacking could potentially crack the password in a matter of hours, it's the receiving end that has to handle all those requests. So, it could still take a lifetime to crack such a password.
Clouseau
And in the near future...some individuals will be walking around with an eye patch and a missing index finger or hand.
Tin Foil Hat time... it all about having finger prints and facial features at the ready to convict anyone at the authority's leisure (trumped up charges).
Reality wise, this is all just a matter of time. Just think it ridiculous that a home computer used for casual use needs such security measures.
cowie
we will all have to like whatever ms says anyways
I still do think a 15 year old with a picture of the user and a basketball will hack the crap out of it.
pretty soon it wont be just them stealing your ID but your eyeballs fingers and other body parts
RealNC
Maybe it's time to kill off Microsoft.
kruno
Actually you want scary story ..., it already happened,years ago Mercedes introduced their new lock on new top of the line Merc's that could be opened just with owners fingerprints.It was couple years ago so i don't remember all of details of the story (year when it happened ..),but story goes that some thieves in Malaysia cut owners hand to get Mercedes since there was no keys to unlock and start car just owner's fingerprints.That story was huuuge years ago.
JTBIRCH
Although not really mentioned, this ability was added not so long ago..
Multi-factor device unlock
https://blogs.technet.microsoft.com/mmpc/2017/10/23/move-away-from-passwords-deploy-windows-hello-today/
IMO at the end of the day, not all users are using passwords appropriately, organisations I've worked with are trying to curb this attitude by making authentication simpler / encouraging passphrases over passwords however password resets still make up a huge portion of service desk calls - This hasnt been limited to 1 or 2 companies but almost all I've worked with. Its up to the organisations to decide between Usability and Security however I think Microsoft are giving them some genuinely useful solutions.
Prince Valiant
No substitute for a strong password, especially if you change it consistently.
kegastaMmer
on a side note, for the not so savvy reading this thread, please change your passwords from 1234, 2345 , 1234 to something easy to remember but not easy to crack, for eg. " y0ud0n0tm3s5w1thth3z0hAn " or "wh3n_3v3ry0n3_n33d5_2_c0m3_1_n33d_2_kum"
RealNC
This is a bit sinister, but I wonder what MS would have to say about the case where law enforcement could illegally use physical violence to force you to unlock a device by putting your finger on the scanner against your will.
This doesn't work with a password and they need to go through the proper procedures to legally order you to unlock the device.
If I put my tinfoil hat on, I'd say MS is doing government agencies some favors here. The only reason I don't put that hat on, is that these devices have so many backdoors anyway, they don't actually need you to unlock it 😛
D3M1G0D
Yes, I realize the significance of having a strong password (which is why I use a password manager), but brute force isn't the only way of hacking a password. Many hacking attempts happen through phishing or social engineering (e.g., a phishing email, a fake website, etc). Also, long and complex passwords have a greater chance of being written down or stored somewhere, especially if they're used on many different sites/devices (it's also unlikely that they will ever change the password).
