Quote from: Neenyah on May 06, 2024, 04:56:02QuoteMicrosoft states that all biometric data remains on the user's device and is never sent to them.
😅😅
Sure.
Exactly. MS has lost any and all trust at this point.
This whole thing just seems pointless. They're basically taking password + 2FA and removing the password, leaving just the 2FA, which makes it 1FA. Even a weak password, combined with 2FA, would be better than this. It would be far better to just require users to either use 2FA or to acknowledge that they understand the risks of not doing so, as well as actually implementing good 2FA (it amazes me how many banking institutions use SMS and don't even offer tokens as an option) and making sure it works (I've had to disable it for at least a couple things, including Steam and Reddit, due to it not working properly and risking being locked out of my account).
As for the article's suggestion of using a pattern-based password, this can be very dangerous, as once an attacker learns one password, if they spot the pattern, it makes it trivial for them to crack other passwords.
Personally, I use an email alias system to create a new email for almost every site/business, which not only protects my main email and allows me to block them if I start getting spam to them (and I know who leaked it), but it adds another layer of protection for this kind of thing. And I use KeePass, which allows me to use long, complex passwords with no need to remember them and no risk of having a server hack exposing them like with LastPass et al. Of course, it's not entirely risk-free, either, but nothing is.
Deutsch
English
Español
Français
Italiano
Nederlands
Polski
Português
Русский
Türkçe
Svenska
Chinese
Magyar