I really hope this is a joke.
12 posts • joined 21 Jul 2020
Microsoft promises end-to-end encrypted Teams calls for some, invites you to go passwordless with Azure AD
Re: "Microsoft", "cloud", "passwordless authentication"......................
“Passwordless” isn’t the same thing as biometrics. Biometrics data, like PINs, are just “gestures” for unlocking a security component such as a hardware FIDO2 token or Windows Hello (which may or may not be backed by a TPM), which among other things are engineered to resist brute-force attacks. The decision to accept or reject such a gesture is made locally. Unlike the password, no biometrics data or PIN is transmitted over the network.
Going passwordless essentially means that instead of passwords (which are often low-quality and reused), you’re now identified by a pair of public/private keys, and the private key is protected by a tamper-resistant token. If somebody steals your token, they _probably_ doesn’t have your PIN or biometrics to use it. You’ll have the opportunity to disassociate the token with your account or, if they try and fail too many (e.g., 5) times, the token will clear itself. Either way, the keypair is rendered useless.
Plus, nobody can guess your password—with or without your knowledge—if you don’t have a password in the first place.
You can argue that biometrics are fundamentally identifiers and are therefore unsuitable even as a way to locally unlock a security token. Actually PINs can get reused (and shoulder-surfed) as well. The point is these risks are much more manageable and eliminating passwords gives the user much more convenience and very often much better security.
Signal boost: Secure chat app is wobbly at the moment. Not surprising after gaining 30m+ users in a week, though
> The US put their missions on live TV, to show both failures and successes as they happened.
Chang'e 5's launch was publicly aired, as were most other high-profile Chinese space missions. I'm not sure how the landing could have been put "on live TV" though.
> The Chinese made sure that it successfully landed before announcing it.
Should they claim a success before they have confirmed it?
> A little insecurity there, it would seem.
Nah, bro. Just admit you're just a racist pig who wish to see them fail.
Apple's privacy pledges: We sent dev checks over plain HTTP, logged IP addresses. We bypass firewall apps
Microsoft wants to show enterprises that Edge means business, rather than the thing you use to download Chrome
If you manage O365 for your organization, you might want to think twice before deploying Edge, since your users won’t be able to sync their browser settings without an Azure Information Protection P1 license. A standalone AIP P1 license costs $5 per user per month. Depending on your license structure, it can be quite expensive.
Oh, I already checked, and settings-sync-for-everyone isn’t on their roadmap.
That page also tells you why in the “Causes” section, right above what you quoted.
“This issue occurs if Facebook integration isn't available for your organization. Validation rules block access to features that don't apply to certain organizations. Even though you can't disable the feature, you don't have to be concerned about the feature being used by people in your organization. If the Facebook contact sync feature isn't available for your organization, this means that the feature is blocked at a deeper level.”
I’m not sure how you could’ve missed it, quite honestly.
Re: Sounds scary...
> […] but there’s nothing to suggest non-Facebook users are safe from any data slurping by Facebook if the software company have any agreements going with Facebook.
Yeah, so um… So how can Microsoft’s business user data be “slurped” by Facebook, other than by using this “Facebook contact sync” feature (which requires the user explicitly creating a Facebook connection first)? I read the legal complaint and didn’t find any.
But if I understand it correctly, “sharing data with Facebook” only happens when Facebook contact sync in Exchange Online is turned on (by default) and a user sets up a Facebook connection.
The only place in the complaint where I found _how_ “Facebook-sharing” is done is in paragraph 76, on page 18:
> Even if a customer discovers and disables this Facebook-sharing “feature” after activating Office 365 or Exchange Online services, the damage has already been done. At that point, the business customer’s contacts have been shared with Facebook. As Microsoft explains in an obscure technical instruction, “[o]nce contacts are transferred to Facebook, they cannot be deleted from Facebook’s systems except by Facebook.”
Googling the quote leads you to an outdated document titled “Office 365 Midsize Business, Office 365 Enterprise, Office 365 Education & Office 365 Government Advanced Privacy Options for Administrators”, on a non-Microsoft domain. The quote appears in a section named “Facebook Contact Sync” (next to “LinkedIn Contact Sync”). These two features are still documented on the current Microsoft Docs website.