Comment on Microsoft says new accounts will be passwordless by default

BombOmOm@lemmy.world 4 days ago

The gold standard is providing something you know (a password) alongside something you have (an OTP or fingerprint). This is two-factor auth in a nutshell.

using your face, fingerprint, or PIN

You leave fingerprints and images of your face everywhere you go, and in the case of someone spoofing those, there is zero way to change either. Such public information is not the foundation of a secure system.

And a PIN is just a shorter, shittier password. Why the hell would we replace a normal password with the least secure, most shitty version of a password?
