The way I look at it is that they have managed to create the extreme opposite of Single Sign On.
And as we know, the weakest link is the users.
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
Okay, I do UNDERSTAND using a PIN, and I thought the same thing at first.
Then, I started working on a TABLET for a product I am creating.
You know what REALLY sucks? Typing a complicated password with a virtual keyboard and a touch screen!
You know how much easier it is to have a PIN. And here is an interesting side effect. Every device uses a different user login, but is programmed with the same PIN. The users have to have the device in hand, and know the PIN. But one PIN unlocks all devices to use the software. If I remotely CHANGE the password, then the PIN SHOULD FAIL to log you in! (Because it saves the cached hash, as I understand it.)
From a management standpoint of multiple, shared devices. I am sold. If you lose a device, I assume you change your password, and the PIN becomes useless across all of your devices. If that is the case, then it's actually not a bad compromise. Especially given that you need physical access to the device.
But the Auto-Install Hello and Cortana, etc. Plus the COUNTLESS HOURS to run windows update... I am starting to miss MS-DOS 5.0 a LOT. LOL.
|
So, give me a choice.
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
The choice WAS there!
You can turn off the pin feature.
I did for a while...
Or did they take that away?
[It WAS on the screen where you reset the pin]
I say this, after I just witnessed the 2004 upgrade CHANGING the virtual keyboard, making the keys smaller by adding a USELESS Margin, and removing 2 options of keyboard that we were USING. It ruined 3 teams for an entire day, re-acclimating to a new virtual keyboard. I could strangle someone at MSFT!
|
I never looked into it - thanks for pointing out the PIN is stored locally.
So instead of having to remember a single long, complex password to log into multiple machines, you have to remember a different PIN for each device.
And if you start using the same PIN on each device, then an attacker only has to crack a stupid 4-digit value.
Doesn't seem like much of a win to me.
|
dandy72 wrote: And if you start using the same PIN on each device, then an attacker only has to crack a stupid 4-digit value.
Doesn't seem like much of a win to me.
But if you use it just for your laptop -- or vice versa (not your desktop also) then it might be helpful. I don't know.
It's probably good for your grandma: you can set her password to be extremely strong (64 characters) and then only require her to input a 4-digit PIN. Then whenever she gets entirely locked out, you reset her account password.
|
I use the same PIN for both laptop and desktop.
|
I am so used to pin codes being non-static that I had to think for a few seconds to understand your problem. About 20 years ago, the banks developed a common system using a fob-like "code chip": It generates a new 6-digit pin code every time you push the button. This code is typed in and sent to the web site, which passes it on to a central server for verification.
I believe (or, call it a "qualified guess") that the fob has a built-in clock, and the 6-digit code is a hash of the current time, the hash (/encryption) key being different for each fob. It cannot be accessed; trying to open the fob will destroy it. The verification server is the only one knowing the key: It can hash the current time with the same key as the fob did, and check if the PIN received is identical to what it calculates itself.
This relies on the verification server knowing which fob generated the pin. For banking services, you log in by your unique "personal number" (roughly similar to the US Social Security Number). So, a given fob is personal; there is a strict one-to-one relationship between fob and person. (Except that nowadays, you can use an app on your smartphone as a fob replacement, so you can have both a "physical" and a smartphone fob, i.e. one-to-two.)
It started with banks only. Today, almost all services that need to identify you uniquely (health services, information services and digital communication with authorities, credit card companies, ...) use the verification server of the banks. It works very well, and is considered very safe. (The pin code is only one factor in 2FA: You also provide a password, so a thief who grabs your fob cannot make any use of it, unless he forces you to reveal your password as well.)
This kind of pin code is certainly more safe than the password written on that yellow sticker taped to the underside of your keyboard.
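The scheme guessed at in the post above, sketched as an added example (not part of the post, and not the banks' actual algorithm, which the page does not describe). It assumes the standard TOTP construction from RFC 6238 with a 30-second step; `VerificationServer`, the user id and the sample key are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: assumed (RFC 6238 default), not stated in the post
DIGITS = 6   # the post describes 6-digit codes


def totp(key: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, truncated to DIGITS."""
    counter = unix_time // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class VerificationServer:
    """Hypothetical server side: holds each fob's key, indexed by its owner."""

    def __init__(self, window: int = 1):
        self.keys = {}        # user id -> per-fob secret key
        self.last_used = {}   # user id -> newest counter already accepted
        self.window = window  # time steps of clock drift tolerated either way

    def enroll(self, user_id: str, key: bytes) -> None:
        self.keys[user_id] = key

    def verify(self, user_id: str, code: str, now: int) -> bool:
        key = self.keys.get(user_id)
        if key is None:
            return False
        current = now // STEP
        for counter in range(max(0, current - self.window), current + self.window + 1):
            if counter <= self.last_used.get(user_id, -1):
                continue      # a code is single-use: reject replays and older codes
            if hmac.compare_digest(totp(key, counter * STEP), code):
                self.last_used[user_id] = counter
                return True
        return False


if __name__ == "__main__":
    server = VerificationServer()
    server.enroll("user-1", b"12345678901234567890")   # constructed sample key
    code = totp(b"12345678901234567890", 59)
    print(code, server.verify("user-1", code, 59), server.verify("user-1", code, 59))
```

The server has to know which fob to check against (here the user id), and it tracks the last accepted counter so that a code observed in transit cannot be replayed inside the drift window.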
|
Jorgen, calling it a PIN is a bit misleading, it can contain letters also, so it's really a password.
I got a Windows 10 laptop for the first time only a couple of months back, and I'm using a "proper" password with letters, even though it's still labelled a PIN.
How to set an alphanumeric PIN on Windows 10
Cheers,
विक्रम
"We have already been through this, I am not going to repeat myself." - fat_boy, in a global warming thread
|
Step 1) Boot up with a Linux install disk ...
Nothing succeeds like a budgie without teeth.
|
Step 2) Start a truly user-friendly desktop application
Ooooops....
|
Jörgen Andersson wrote: how the f*** is a pin-code supposed to be safer than a password?
This is indeed BS. Plus on my son's laptop, the ability to change it is disabled. Since he forgot it, I have to use my mycrosoft account password to allow him to pass any step where admin rights are required.
|
The trick is to set up Windows initially with a local account with no password, then set a password and/or link your Microsoft account to it via settings after.
|
Interesting
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
And the easy trick to create a local account is not to connect to your network earlier in the setup process.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
The only place where Windows should run is in a VM; connected to the outside world over your own proxy.
Unless it's a toy, install a real OS.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Quick operation left one opening! (11)
Quick operation OP
left PORT
one UNITY
opening!
OPPORTUNITY
@Rich-Leyshon got it, but since he didn't use the word, that doesn't count ... and I am up tomorrow.
I'll clearly have to do harder ones, these easy ones are too difficult!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
I was not sure of it.
Quick =?
Operation = OP
left = PORT - how?
One = UNITY
Opening probably somewhat opportunity.
but had doubts all across for me.
|
No longer safely in his comic strip world, now he has fully entered ours!
Now, I fear for Bob - please keep an eye on him as no one is safe.
Ravings en masse^
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
|
Yes. £7000.00 per day - which is circa £1.5m p.a. That's what the UK Government is paying out to consultants working on Track & Trace.
OK, it's not quite that simple. Most UK Public bodies have preferred supplier lists, and top of the IT preferred suppliers will be the big consultancies - such as EY, Deloitte, KPMG, and in this case BCG. The big consultancies have no expertise in delivering what's required, so sub-contract it to big recruitment agencies. They sub it out to specialist agencies, who then find the contractors. I'm sure the contractors are being paid well, but they are getting nowhere close to the other parts of the supply chain.
I don't know what's more depressing: the stupidity of the Government or the greed of the huge companies creaming it in during a world-wide crisis.
Coronavirus: Test and Trace consultants paid equivalent of £1.5m salary | Business News | Sky News
|
This is why the app is still not going anywhere near my phone ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
I have the App - and it is underwhelming, to say the least!
My reasons for downloading it are: I'm at the higher end of the risk category, but more importantly, my in-laws (for whom my wife is the carer) are in their 90s and very fragile. One having suffered a heart attack and stroke; the other with a heart condition and high blood pressure. I have very little confidence in the App, but.... What if? I just have to do whatever I can to minimise the risk for them - even if it's downloading some stupid, pointless App.
|
I also downloaded it but it seemed of limited use. Being also in a high risk age group we are careful to keep within our bubble and keep any other contacts to a minimum and well controlled.
I belong to a lunch club for retired men in our locality, one of whom is a retired professor of medicine. He gave us an interesting talk on the virus via zoom the other day. If you think the government is scaremongering, then think again.