Wow...I'd love to have been in the meetings where the MS developers thought this single-factor authentication was a great idea.I tried putting a YubiKey on my Microsoft account and it grants immediate access, no password, so I reversed course.
Something you have and something...no...wait, that's all you need. Like the old plot device where bad guys steal someone's work badge and sail right in through the badge readers to perpetrate their evil plans.
Which is why I think passkeys are a bad idea too...all one needs in some implementations is someone's phone device with biometrics and they're in. The technology is not testimonial so may not be protected by the 4th and/or 5th Amendment when the cops (or bad guys) force a fingerprint or face id from the hapless victim.
No, thanks. Vanguard does it right: Username, Password AND Yubikey.
Statistics: Posted by Diluted Waters — Thu Feb 27, 2025 10:02 pm
