Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft IT Technology

Microsoft Launches Passkey Support For All Consumer Accounts (theverge.com) 28

Microsoft is fully rolling out passkey support for all consumer accounts today. From a report: After enabling them in Windows 11 last year, Microsoft account owners can also now generate passkeys across Windows, Android, and iOS. This makes it effortless to sign in to a Microsoft account without having to type a password in every time.
This discussion has been archived. No new comments can be posted.

Microsoft Launches Passkey Support For All Consumer Accounts

Comments Filter:
  • Awesome! (Score:5, Funny)

    by Iamthecheese ( 1264298 ) on Thursday May 02, 2024 @11:06AM (#64442494)
    I was just looking at Windows 11 and saying to myself, "What I really need is more ways to sign in to a Microsoft account." My life is now complete.
    • Da fuq is an Microsoft account?
      • Re: Awesome! (Score:5, Insightful)

        by TwistedGreen ( 80055 ) on Thursday May 02, 2024 @11:22AM (#64442560)

        It's when you get tricked into giving someone else the keys to your property and only being able to enter by calling and asking them to let you in.

        • by 0xG ( 712423 )

          It's when you get tricked into giving someone else the keys to your property and only being able to enter by calling and asking them to let you in.

          Along with a bunch of personal information for data correlation purposes.
          So they can cross-reference it with google accounts, health records, call records, payroll data, w.h.y.

          I always amazes how people are willing to put in their *real* name addresses, birthdates, etc.
          And birthdates are probably the worst.

          • No need for cross-service using the same account information.

            Do not need them to correlate how a person uses things across different systems.

            Do not want them to create an AI model of a 'normal user', a 'power user' from a large number of users and then (Target baby lotion advertisement predicting pregnancy like) build a database of 'in the month before user X did bad thing Y, here was their usage pattern'.

            This has encouraged me to use a lot less services and use them in only very basic ways.

    • by Tablizer ( 95088 )

      Pronounce it "Pesky"

  • No cross device sync (Score:4, Interesting)

    by Pinky's Brain ( 1158667 ) on Thursday May 02, 2024 @11:51AM (#64442642)

    Microsoft and Google are showing a shameful amount of incompetence for passkeys.

    The only advantage of passkeys is sync, why bother announcing this if all it's really saying is "hey, we're incompetent, go buy Apple".

    Sync or fuck off, across laptops and phones.

    • Apple is the driver of this. I used to work for AppleCare and the amount of calls we would give for people who had broken lost or stolen devices was insane and there was absolutely nothing we could do to give them access to their account. Meanwhile people with security questions !boom! they got instant access to their account as long as they know the answers.
    • by AmiMoJo ( 196126 )

      I don't know what you think Passkeys are, but they aren't that. They are more secure than passwords and also have the added bonus of making cookies redundant.

      What don't you like about them?

      • The fact that they are device locked. For example, if I reinstall my Mac or PC, the passkeys bound to the device are lost.

        However, there are some password programs like BitWarden and others which can store Passkeys. If Passkeys could be used on multiple devices, as well as exported/backed up similar to GPG private keys, it would be usable, as that way, I can move them between PW managers as I do with Google Authenticator TOTP shared secrets.

        • Passkeys are SUPPOSED to be device dependant, because they turn your device into a big second factor of auth. Allowing them to be synced across multiple devices would break their fundamental nature. If you need multiple devices, just add a passkey on your other device to your SSO provider and done. You just need to enroll each of your devices once. It's really not as much trouble as it sounds and it's MUCH more secure than passwords.

          Passkeys were designed pretty carefully. There's no perfect balance between

          • From a user standpoint, passkeys are nice... I use them as an alternative to YubiKeys for Google stuff. However, I am still not seeing how PassKeys are better than Google TOTP authentication. Yes, there is a password, but a good password manager ensures that it will be pretty long. If someone manages to see that, the shared secret of TOTP on devices provides excellent security, and the TOTP mechanism can be on something completely offline, but have a fairly decent clock sync.

            • by MrNaz ( 730548 )

              Think of passkeys as building the TOTP device directly into every device you use. Your laptop, phone, ipad, digital dildo, whatever. They all have TOTP built right in to them. So when you turn it on and scan your fingerprint, enter your code, swipe the pattern, use face unlock or whatever, that's factor one. The device itself is factor two. So with the regular unlock mechanism you're used to, you get 2FA for free bound to a device that is (theoretically) not cloneable.

              In other words, logging in to every ser

              • If you trust Apple to secure the secure domain on the phone, why don't you trust them to sync to another secure domain?

                The "phone as second factor" has terrible usability. Apple isn't interested in it.

                • by MrNaz ( 730548 )

                  "If you trust Apple to secure the secure domain on the phone, why don't you trust them to sync to another secure domain?"

                  Because trusting the keys into the secure enclave on the device is worlds away from trusting the enormous amount of untrusted infrastructure needed to transmit those keys to a cloud service.

                  "The "phone as second factor" has terrible usability. Apple isn't interested in it."

                  Congratulations. You win the "most wrong thing said on Slashdot today" award.
                  https://support.apple.com/en-a... [apple.com]
                  https:/ [apple.com]

                  • From one of your links :
                    "Synchronisation security

                    Passkeys were designed to be convenient and accessible from all devices used on a regular basis. Passkeys sync across a user's devices using iCloud Keychain."

                    Apple has quite a different idea of the preferred way of use than the FIDO old guard. Phone as second factor on your laptop has terrible usability.

                    • The phone is not the second factor on your laptop. Your laptop is.

                    • Because the passkey is synced. If the user had to register multiple device bound passkeys they would just stick to passwords, which are synced across devices.

                      Without sync, passkeys are a step back in usability ... Apple isn't interested in that.

          • FIDO just wants to use secure domains instead of USB keys and keep everything else the same sure, but Apple is far more relevant.

            Apple wants cross device synced passkeys, Apple users will expect them to work, good luck trying to demand device bound passkeys ... who do you think you are, Apple? Even banks will just allow the synced passkeys, if you're not paying a salary it's Apple who dictates how you access their users.

            Users want synced keys too, because fuck registering multiple keys for multiple devices.

        • by AmiMoJo ( 196126 )

          You don't really need to export them, since you always need a backup way of accessing the account that you can use to log in on a new device. Recovery codes or authenticating with another device, or you could use a very secure password (and other 2FA mechanism).

          The fact that you can't export them is part of why they are secure. They can't be stolen off your computer without multiple zero day exploits that break into the most secure parts of the OS and hardware. You can also store them on a hardware security

          • by unrtst ( 777550 )

            They way passkeys are being sold to us leaves such a bad taste in my mouth.

            More secure, in general, than what a lot of people are currently using, and with fewer user interactions so it should ease adoption... sure.

            Can't export them, but can put a copy on a yubikey, and work across multiple devices (the latter bit is from the article)... that just doesn't really add up to me. I get how it's implemented, but I don't trust it, especially when there are ways to get multiple copies of it out in the wild.

            FWIW, I

            • by AmiMoJo ( 196126 )

              You can't copy the passkey to a Yubikey. You can add a Yubikey to your account in addition to your phone or computer. I.e. you have two passkeys on your account.

              You can also use your phone to authenticate your computer by scanning a QR code off the screen.

        • Passkeys are NOT inherently tied to a single device. They can be backed up and restored on other devices (including multiple devices at once). Apple handle them this way. It's just that Microsoft's current implementation is lacklustre. As their implementation matures, MS will eventually add sync too. From an end user perspective, Passkeys should work in a similar way to password managers. The only difference with Passkeys is that the "passwords" (private keys) are not chosen by (or even visible to) th
  • This makes it effortless to sign in to a Microsoft account without having to type a password in every time.

    If I do 5 minutes of searching, will I get a similar quote about all their biometric login crap that still makes me put in a password / PIN every 3rd time because it cakes it's pants?

    I'm so over Windows 11. Time to see if there's better support for my laptop under Ubuntu 24 than the last time I looked with 22.

  • Oh, sorry, you already did that.
    Sad.
    What's really sad is that you find logging in to be sooo hard to do.
    The bottom is really a lot lower than it used to be.

    But don't worry, The American government put all their trust into Microsoft.... and that's working out great...
    for the Chinese, the Russians, and Lower Elbonia.

    Convenience has lead to fanatical avoidance of thinking or understanding.
    No need to post anon. Another jab you deserve.

The most delightful day after the one on which you buy a cottage in the country is the one on which you resell it. -- J. Brecheux

Working...