Persona, Discord's "Age Verification" Service, creates a profile of you, sends it to the US Feds and deems you suspicious based on your appearance, exposed by Hackers

https://lemmy.blahaj.zone/post/38950187


“Why wouldn’t I use verification? I’ve got nothing to hide”.

This. This is why you do not submit willingly, regardless of what you have to hide. Fascism doesn’t give a shit if you’re innocent.

Using Microsoft Teams at work, it keeps on asking me to record a voice sample and selfie so it can identify me in meetings, yeah no thanks
And then your coworkers think you’re IT challenged because you don’t even know how to do the simplest things. (true story)

My company just mandatorily implemented “Windows Hello”

No one seems to be able to tell me why the information from Microsoft says the fingerprint and face scans are both “local only” and may take 24 hours to sync after initial setup. Where are they syncing to?
(I opted for the ‘pin’ method instead of surrendering my biometrics.)

PIN is the best way to go there. It only works on that one machine, although you can technically set the same PIN again on another computer.

I believe the typical intent is as follows:

  • It is now possible to brute force things that were previously considered “complex” passwords in a semi-reasonable amount of time.
  • This necessitates longer and more complex passwords
  • People can’t remember those so they have a tendency to write them down or do other relatively insecure things with them.
  • Forgotten passwords can generate a lot of helpdesk calls and are also an attack vector
  • If we insist on really complex passwords that are too long to reasonably brute force with current technology, we need a way for users to log in that’s not going to make 3 and 4 a major issue.
  • If the simpler PIN method is locked to a per machine basis, it matters a lot less if the PIN is compromised because you also need physical access to the computer or the PIN is useless.
  • This should, in theory, allow workplaces to set requirements for really complex passwords that only need to be reset once a year or so, without breaking helpdesk, inconveniencing users, or leaving gaping security holes.

    Whether or not that all happens depends on the workplace, but that’s the general thought process in most of the places I’ve worked where a modicum of sense prevails

    …. Oh!

    You just explained a question I had.
    I couldn’t figure out why a pin was considered more secure.

    In my reasoning: How is a PIN (potentially numeric only), changed 1x a year, safer than a password (3 of 4: Alpha, Mixed case, numeric, special chars), changed 4x a year.

    The answer, as you explained, is scope of trust. Machine only vs tenant-wide. That makes sense.

    That makes sense. Something you have (that specific machine) + something you know (your pin).

    I used to work someplace where we all had a pin+a smart card that we’d insert into the machine, same idea except I could log into any machine with the card+pin combination.

    Loved not having to remember a long AF password. Didn’t like having to drive home if I forgot my card on the kitchen counter.

    The problem is, if someone does get physical access to the machine, you’ve just made breaking into it much easier.
    Just keep the card in your anus
    Windows Hello ties the PIN to the TPM of the computer. It's not just you having a PIN, it's the PIN + the crypto secret loaded on the device. That's why it's more secure than just a complex password.
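To make the "PIN + device secret" point concrete, here is a small constructed model (added here, not from the thread or from Microsoft's implementation) of a device-bound PIN: a per-device secret that never leaves the device stands in for the TPM-resident key, and a retry counter stands in for the TPM's anti-hammering. The `Device` class, the iteration count and the PIN values are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets


class Device:
    """Toy model of a device-bound PIN (constructed here; not Windows Hello's code).
    A random secret never leaves the device (standing in for a TPM-resident key)
    and failed attempts are counted (standing in for TPM anti-hammering)."""

    def __init__(self, max_attempts=5):
        self._secret = secrets.token_bytes(32)  # never exported
        self._enrolled = None
        self._failures = 0
        self.max_attempts = max_attempts

    def _derive(self, pin):
        # Key depends on the PIN (something you know) and the device secret (something you have).
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._secret, 50_000)

    def enroll(self, pin):
        self._enrolled = self._derive(pin)

    def unlock(self, pin):
        if self._enrolled is None or self._failures >= self.max_attempts:
            return False  # not enrolled, or locked out until recovery
        if hmac.compare_digest(self._derive(pin), self._enrolled):
            self._failures = 0
            return True
        self._failures += 1
        return False


def pin_alone_is_useless(pin="1234"):
    """A PIN without this device's secret reproduces nothing usable."""
    dev = Device()
    dev.enroll(pin)
    # With the PIN but without dev._secret (constructed: any other secret), the
    # derived key is unrelated; on the device itself the same PIN still works.
    elsewhere = hashlib.pbkdf2_hmac("sha256", pin.encode(), secrets.token_bytes(32), 50_000)
    return elsewhere != dev._enrolled and dev.unlock(pin)


def lockout_stops_guessing(correct="1234"):
    """After max_attempts failures even the correct PIN is refused, so a short
    numeric PIN cannot simply be guessed against the device."""
    dev = Device(max_attempts=5)
    dev.enroll(correct)
    for guess in ("0000", "1111", "2222", "3333", "4444"):
        dev.unlock(guess)
    return dev.unlock(correct)  # False once locked out
```

The two checks show the two halves of the argument above: the same PIN means nothing away from the device, and the retry counter is what lets a short PIN be acceptable on it.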