
(Ars Technica)   Microsoft introduces "one-factor authentication", which is commonly referred to as ' 'authentication' in the tech field   (arstechnica.com)
1410 clicks; posted to Geek on 19 Apr 2017 at 8:37 PM (39 weeks ago)



33 Comments
 
2017-04-19 05:17:07 PM  
I am going to invent zero factor authentication. It will open up whenever it senses your presence. Or a presence.
 
2017-04-19 05:30:34 PM  
So let me get this straight...  They just added a feature that allows you to harass somebody with their own phone and all you have to do is type in their email address to do it?  Better still, I can just set up a bot that tries to log into people's accounts because eventually one of those people will accidentally click 'yes'?  Microsoft, you are so full of fail.
 
2017-04-19 06:58:20 PM  

BadReligion: I am going to invent zero factor authentication. It will open up whenever it senses your presence. Or a presence.


RFID scanners already exist. Walk-up/walk-away
 
2017-04-19 06:59:35 PM  

GardenWeasel: BadReligion: I am going to invent zero factor authentication. It will open up whenever it senses your presence. Or a presence.

RFID scanners already exist. Walk-up/walk-away


Yes, but my idea has the added convenience of authenticating everybody. No muss, no fuss.
 
2017-04-19 08:25:49 PM  

BadReligion: GardenWeasel: BadReligion: I am going to invent zero factor authentication. It will open up whenever it senses your presence. Or a presence.

RFID scanners already exist. Walk-up/walk-away

Yes, but my idea has the added convenience of authenticating everybody. No muss, no fuss.


[image]
 
2017-04-19 08:55:03 PM  

BadReligion: I am going to invent zero factor authentication. It will open up whenever it senses your presence. Or a presence.


[image]


Vader Tech
 
2017-04-19 09:02:14 PM  
Is double single quote authentication a deep joke or just today's latest headline typo?
 
2017-04-19 09:14:28 PM  

BadReligion: I am going to invent zero factor authentication. It will open up whenever it senses your presence. Or a presence.


That would still be 1 factor authentication ... factors include.

A) Something you know (passwords, pass phrases)
B) Something you have (proximity dongles, authentication e-mails, crypto tokens)
C) Something you are (fingerprint, retinal scan, facial recognition) ... 'presence' would fall under this

// though, that gives me an idea for negative factor authentication (-1/-2/-3 factor).
// Something you don't know ... something you don't have ... something you aren't.
 
2017-04-19 09:15:06 PM  

derpes_simplex: So let me get this straight...  They just added a feature that allows you to harass somebody with their own phone and all you have to do is type in their email address to do it?  Better still, I can just set up a bot that tries to log into people's accounts because eventually one of those people will accidentally click 'yes'?  Microsoft, you are so full of fail.


While you bring up a good point, you may want to wait to pass judgement until you get more details.  They already protect against misuse of account logins via machine learning, so my guess is this obvious concern may already be handled with that system.
 
2017-04-19 09:17:58 PM  

lordargent: C) Something you are (fingerprint, retinal scan, facial recognition) ... 'presence' would fall under this


That's more "something anybody is" than something specific to you.
 
2017-04-19 09:20:38 PM  

nacker: so my guess is this obvious concern may already be handled with that system


Counterpoint:
Twitter taught Microsoft's AI chatbot to be a racist asshole in less than a day
 
2017-04-19 10:01:28 PM  

derpes_simplex: So let me get this straight...  They just added a feature that allows you to harass somebody with their own phone and all you have to do is type in their email address to do it?  Better still, I can just set up a bot that tries to log into people's accounts because eventually one of those people will accidentally click 'yes'?  Microsoft, you are so full of fail.


Which Yahoo has already done yonks ago.  I really need to switch everything over to gmail now...
 
2017-04-19 10:05:27 PM  

lordargent: nacker: so my guess is this obvious concern may already be handled with that system

Counterpoint:
Twitter taught Microsoft's AI chatbot to be a racist asshole in less than a day


And here's an article that goes into possibly why that happened.

https://arstechnica.com/science/2017/04/princeton-scholars-figure-out-why-your-ai-is-racist/
 
2017-04-19 10:14:11 PM  

lordargent: BadReligion: I am going to invent zero factor authentication. It will open up whenever it senses your presence. Or a presence.

That would still be 1 factor authentication ... factors include.

A) Something you know (passwords, pass phrases)
B) Something you have (proximity dongles, authentication e-mails, crypto tokens)
C) Something you are (fingerprint, retinal scan, facial recognition) ... 'presence' would fall under this

// though, that gives me an idea for negative factor authentication (-1/-2/-3 factor).
// Something you don't know ... something you don't have ... something you aren't.


Microsoft Zero Authentication
Never log in again. Just create your account and our AI automatically generates and responds to all your emails and messages for you.
 
2017-04-19 10:50:54 PM  

lordargent: BadReligion: I am going to invent zero factor authentication. It will open up whenever it senses your presence. Or a presence.

That would still be 1 factor authentication ... factors include.

A) Something you know (passwords, pass phrases)
B) Something you have (proximity dongles, authentication e-mails, crypto tokens)
C) Something you are (fingerprint, retinal scan, facial recognition) ... 'presence' would fall under this

// though, that gives me an idea for negative factor authentication (-1/-2/-3 factor).
// Something you don't know ... something you don't have ... something you aren't.


I've actually seen that before. A website wanted the name of my middle school principal, which I did not know; I had to find it online. So I had to prove my identity with a fact that I myself did not know, but anyone else could have looked up.
 
2017-04-19 10:56:07 PM  

nacker: derpes_simplex: So let me get this straight...  They just added a feature that allows you to harass somebody with their own phone and all you have to do is type in their email address to do it?  Better still, I can just set up a bot that tries to log into people's accounts because eventually one of those people will accidentally click 'yes'?  Microsoft, you are so full of fail.

While you bring up a good point, you may want to wait to pass judgement until you get more details.  They already protect against misuse of account logins via machine learning, so my guess is this obvious concern may already be handled with that system.


Well sure, obviously I am talking about this as the concept was presented; dumbed down for general release.  But while you could use machine learning to easily thwart the repeated attempt at the same account, if you had a diverse range of source IPs or proxies, and you were just fishing for suckers with a very wide net, just say single attempts on a huge list of target accounts, you'd eventually get a 'yes' click either by accident or because somebody was actually logging in at that moment and thought they were allowing themselves in.

Without some mechanism to prevent a push notification to your device before some sort of initial auth is made, I don't see how this problem can be escaped.
 
2017-04-19 10:58:30 PM  

derpes_simplex: So let me get this straight...  They just added a feature that allows you to harass somebody with their own phone and all you have to do is type in their email address to do it?  Better still, I can just set up a bot that tries to log into people's accounts because eventually one of those people will accidentally click 'yes'?  Microsoft, you are so full of fail.


Or u could eliminate all the BS and install Linux.
 
2017-04-19 11:00:43 PM  

lordargent: nacker: so my guess is this obvious concern may already be handled with that system

Counterpoint:
Twitter taught Microsoft's AI chatbot to be a racist asshole in less than a day


Microsoft has already Mastered the Art of Asshole.
 
2017-04-19 11:09:43 PM  

Linux_Yes: derpes_simplex: So let me get this straight...  They just added a feature that allows you to harass somebody with their own phone and all you have to do is type in their email address to do it?  Better still, I can just set up a bot that tries to log into people's accounts because eventually one of those people will accidentally click 'yes'?  Microsoft, you are so full of fail.

Or u could eliminate all the BS and install Linux.


Dude, as somebody who runs Linux at home, has Linux on his kids' machine, and installs Linux on friends' machines, let me just say that comments like yours ain't helping any.

/Did I just bite?
 
2017-04-19 11:23:19 PM  
Better than "X+1" authentication... A few years ago I got a work laptop with a fingerprint scanner.

-Logged into the laptop with a password and installed the fingerprint scanner software.
-Fingerprint scanner software asked for text password and fingerprint.
-Fingerprint scanner software replaced ALL native software/firmware password prompts with fingerprint scan confirmation.
-Fingerprint scanner software corrupted fingerprint database.

-Only recovery function to revert back to text password is locked in the fingerprint scanner software configuration utility, behind a fingerprint scan confirmation...

/WipeDisk boot CD, GO!
//Reinstall default image.
///Purge fingerprint scan drivers with fire...
 
2017-04-19 11:36:46 PM  

lordargent: nacker: so my guess is this obvious concern may already be handled with that system

Counterpoint:
Twitter taught Microsoft's AI chatbot to be a racist asshole in less than a day


I think that says more about the nature of Twitter than the chatbot.
 
2017-04-20 12:33:06 AM  
Does anyone else get slightly bothered by the fact that you can easily get 2 factor security for Steam itself as well as many popular individual game accounts but not for your bank, brokerage or utility accounts?

Scottrade reps act like I asked them the square root of something if I even say 2 factor security.
 
2017-04-20 01:38:25 AM  

Vaginosilicosis: Does anyone else get slightly bothered by the fact that you can easily get 2 factor security for Steam itself as well as many popular individual game accounts but not for your bank, brokerage or utility accounts?

Scottrade reps act like I asked them the square root of something if I even say 2 factor security.


I've done development work in some of those industries. Frankly it's a small miracle the 1-factor authentication works and even then it's terrifyingly unsafe.

I've seen plaintext passwords in Oracle databases which you can connect to with the password "changeme" in 2015 and I doubt they've fixed it.

Oh well. Sleep tight.
 
2017-04-20 05:04:30 AM  

Sim Tree: lordargent: BadReligion: I am going to invent zero factor authentication. It will open up whenever it senses your presence. Or a presence.

That would still be 1 factor authentication ... factors include.

A) Something you know (passwords, pass phrases)
B) Something you have (proximity dongles, authentication e-mails, crypto tokens)
C) Something you are (fingerprint, retinal scan, facial recognition) ... 'presence' would fall under this

// though, that gives me an idea for negative factor authentication (-1/-2/-3 factor).
// Something you don't know ... something you don't have ... something you aren't.

I've actually seen that before. A website wanted the name of my middle school principal, which I did not know; I had to find it online. So I had to prove my identity with a fact that I myself did not know, but anyone else could have looked up.


Like it already knew somehow or that it wanted you to provide it with the answer for future validation?  Everyone knows you have to put fake answers into those security questions, yah it just becomes a secondary series of passwords (yay, like we don't have enough of those already eh?) but at least no one can go and research the correct answers, even if they think they can.

Favourite vacation:  Siberia
Mother's Maiden Name:  2 Minutes to Midnight

 etc etc.
 
2017-04-20 06:20:52 AM  

Vaginosilicosis: Does anyone else get slightly bothered by the fact that you can easily get 2 factor security for Steam itself as well as many popular individual game accounts but not for your bank, brokerage or utility accounts?

Scottrade reps act like I asked them the square root of something if I even say 2 factor security.


I know, right?  But, to be fair, a lot of people may have Steam accounts with more value than their bank balance.

/I still want a way to divide and bequeath my Steam games to my kids.
 
2017-04-20 07:35:20 AM  

LoneVVolf: Better than "X+1" authentication... A few years ago I got a work laptop with a fingerprint scanner.

-Logged into the laptop with a password and installed the fingerprint scanner software.
-Fingerprint scanner software asked for text password and fingerprint.
-Fingerprint scanner software replaced ALL native software/firmware password prompts with fingerprint scan confirmation.
-Fingerprint scanner software corrupted fingerprint database.

-Only recovery function to revert back to text password is locked in the fingerprint scanner software configuration utility, behind a fingerprint scan confirmation...

/WipeDisk boot CD, GO!
//Reinstall default image.
///Purge fingerprint scan drivers with fire...


Windows Hello doesn't do away with your password/pin to get into your device, it supplements it. I've got my phone (Lumia 950xl) set to lock my screen immediately when the screen is dimmed. When I turn it back on I just look at it and the facial recognition instantly unlocks it. If the lighting is bad, and it can't see me well enough, it just prompts me for my pin. I would think it works the same with a fingerprint scanner.
 
2017-04-20 07:51:30 AM  

MarkEC: Windows Hello doesn't do away with your password/pin to get into your device, it supplements it. I've got my phone (Lumia 950xl) set to lock my screen immediately when the screen is dimmed. When I turn it back on I just look at it and the facial recognition instantly unlocks it. If the lighting is bad, and it can't see me well enough, it just prompts me for my pin. I would think it works the same with a fingerprint scanner.


Not the garbage HP was putting out ~7yrs ago. That biometric utility disabled text passwords and walled the ability to make changes in behind its own authentication protocol, which it corrupted within a week.
 
2017-04-20 08:00:39 AM  

LoneVVolf: MarkEC: Windows Hello doesn't do away with your password/pin to get into your device, it supplements it. I've got my phone (Lumia 950xl) set to lock my screen immediately when the screen is dimmed. When I turn it back on I just look at it and the facial recognition instantly unlocks it. If the lighting is bad, and it can't see me well enough, it just prompts me for my pin. I would think it works the same with a fingerprint scanner.

Not the garbage HP was putting out ~7yrs ago. That biometric utility disabled text passwords and walled the ability to make changes in behind its own authentication protocol, which it corrupted within a week.


Sounds as if you could have bypassed all that with a regular NT password reset boot disk.  (Unless they also encrypted the whole drive, which is unlikely.)

/7 year old Monday morning quarterbacking is the best quarterbacking
 
2017-04-20 11:25:57 AM  

Vaginosilicosis: Does anyone else get slightly bothered by the fact that you can easily get 2 factor security for Steam itself as well as many popular individual game accounts but not for your bank, brokerage or utility accounts?


You need a better bank, brokerage and utility.

Bank of America texts me a code before I make any large transfer, use a new device, or change account information. TD Ameritrade at least has security questions when I log in from a new device, while Fidelity and Vanguard offer one-time codes. Pepco shows me the security image thing at least, but I don't know what harm could really befall me from somebody logging in to see my electric bill.
 
db2
2017-04-20 12:06:30 PM  
The Authenticator app is available for iOS, Android, and Windows 10 Mobile, but regrettably, while the first two include the new feature, Microsoft has not seen fit to add it to the version of the software that runs on its own platform, citing low usage.
Ha ha ha ha ha.
 
2017-04-20 12:12:58 PM  

dukeblue219: Vaginosilicosis: Does anyone else get slightly bothered by the fact that you can easily get 2 factor security for Steam itself as well as many popular individual game accounts but not for your bank, brokerage or utility accounts?

You need a better bank, brokerage and utility.

Bank of America texts me a code before I make any large transfer, use a new device, or change account information. TD Ameritrade at least has security questions when I log in from a new device, while Fidelity and Vanguard offer one-time codes. Pepco shows me the security image thing at least, but I don't know what harm could really befall me from somebody logging in to see my electric bill.


All of my accounts do that, everyone does that, that is not real security.   I want the ability to have my account require actual 2 factor security on every log in and not just when I clear my cache or try to change my contact information.    People are free to be lazy but at least offer it for those of us who do want it.

Besides, with BOA your biggest worry should be about BOA taking your money anyway.
 
2017-04-20 02:59:41 PM  

Far Cough: (Unless they also encrypted the whole drive, which is unlikely.)


1st generation PGP whole disk encryption, with the grey pre-boot authentication. It would spin a CD for SOME things before that screen, mostly to allow BIOS flashes. Wouldn't let anything boot off the actual HDD unless the PGP authentication was satisfied. THAT screen would take text for the encryption key (default admin user) from a cold boot and pass forward through NT login with no additional prompt. If you tried fast user switching or log off/on without a power cycle, the fingerprint utility would override the NT prompt. If you tried to edit fingerprint utility settings, it required you to log in with the fingerprint scanner (corrupt). I "persistently negotiated" with it for a good week before resorting to scorched earth tactics.
 
2017-04-20 06:14:42 PM  
Well then!  Never mind.  :)
 

This thread is archived, and closed to new comments.
