What is it with MIcrosoft

Sam Vimes · Jul 5, 2022

Apologies to the OP if these further discussions are muddying the waters even more but security is important. We're all here to help each other and there are a number of people following this thread who may also find the advice helpful.

The concept of using 2FA on a mobile phone is a good idea but has one draw back. You need a mobile phone signal to be able to receive the code as an sms text. Some organisations will allow an email to be sent but, as in the case of the OP, if you can't log into your email you can't get the code - catch 22.

There is another option and that requires a smartphone which can run an authenticator app. MS Authenticator and Google Authenticator are just two available - I use the MS version.

These are not supported by all organisations but the app operates in a similar way to the banking card readers you may already use. When the organisation you want to log into wants a 2FA code then if you've set the app up with them, you open it with a secure method - pin number, face recognition or fingerprint - and then it will provide a code for the specific organisation you want. The code changes every 30seconds and is unique to you and your device.

MS Authenticator also allows for the storage of usernames and passwords for apps and web sites and can act as an Autofill service.

Its worth looking into in my opinion.

Buckman · Jul 5, 2022

What is 2FA? I assume MS is Microsoft? I do not sue one of those password managers as no idea how they work. Concern here is that I cannot remember the complicated password generated and if you clear cookies off your machine, it may clear any passwords and then you are up the proverbial creek without a paddle!

JTQ · Jul 5, 2022

Link to 2FA meaning; Two Factor Authentication.

Unless you have been doing something novel, clearing cookies does not clear Microsoft's Edge's or Chrome's password remembering features.

I keep a record of the now nearly 100 passwords etc on an encrypted USB stick, held in the house safe just in case Google or Microsoft's data banks are wiped out. OTT I know.

-------------------------------------

Picking up on Sam's point about no mobile voice connection to receive a text code. Not in our case, and possibly others than the OP likely ever to be an issue.
When away from home, it is going to be near 100% chance I will be tethering my tablet or laptop from the phone anyway, so would not be in a poor connection area when needing to receive an authorisation code.

otherclive · Jul 5, 2022

Buckman said:
What is 2FA? I assume MS is Microsoft? I do not sue one of those password managers as no idea how they work. Concern here is that I cannot remember the complicated password generated and if you clear cookies off your machine, it may clear any passwords and then you are up the proverbial creek without a paddle!

Passwords are kept in a totally separate file to cookies and deleting cookies, search history or even tractor websites 🤣doesn’t delete your passwords. In a password manager you only need to remember a single password all your others are encrypted within the password manager.

otherclive · Jul 5, 2022

JTQ said:
Link to 2FA meaning; Two Factor Authentication.

Unless you have been doing something novel, clearing cookies does not clear Microsoft's Edge's or Chrome's password remembering features.

I keep a record of the now nearly 100 passwords etc on an encrypted USB stick, held in the house safe just in case Google or Microsoft's data banks are wiped out. OTT I know.

I do similar and have them filed separately elsewhere but only for cash or information sensitive sites that I want to protect my security and privacy.

Jcloughie · Jul 5, 2022

Buckman said:
What is 2FA? I assume MS is Microsoft? I do not sue one of those password managers as no idea how they work. Concern here is that I cannot remember the complicated password generated and if you clear cookies off your machine, it may clear any passwords and then you are up the proverbial creek without a paddle!

2FA simply means two factor authentication. It is a method of checking that the person trying to log on is really you.

eg.

Log on by entering username and password.

The organisation will now send you a code (the second factor). To a device that you have pre registered with them.

There are many password managers. I use F-secure. I have their full package including virus checker and VPN virtual private network. Comes at a reasonable price for Virgin subscribers.

With the password manager you do need to trust the provider to provide the encryption and security. But of course you need to remember 1 password. But that password could be substituted with fingerprint, iris or face recognition. I also use it to store other private data.

If you have difficulty trusting these organisations then you will be stuck with remembering a load of passwords or repeating the same one, not a good idea.

Consider looking at taking a short college course.

John

To add. The password manager will hold your passwords encrypted on it's own cloud. I think this is the a aspect that make people nervous. But this enables the user to access them from anywhere and my machine.

Jcloughie · Jul 5, 2022

I used to run a variety of computer courses, operating systems and software. But that was over 30 years ago. So things have changed slightly. In my opinion there is a need for beginners courses on basic networking and security. But they are not easy to find. This would fit the bill though. £62 well invested perhaps.

Intro to Cyber Security - Online Cyber Security Course - FutureLearn

Learn the essentials of cyber security and build your skills to better protect your digital information from security threats with this online cyber security course from The Open University.

www.futurelearn.com

John

Sam Vimes · Jul 5, 2022

JTQ said:
Picking up on Sam's point about no mobile voice connection to receive a text code. Not in our case, and possibly others than the OP likely ever to be an issue.
When away from home, it is going to be near 100% chance I will be tethering my tablet or laptop from the phone anyway, so would not be in a poor connection area when needing to receive an authorisation code.

There can be many situations where you can get a wifi connection but no mobile signal. Connecting to a camp site wifi system, hotels, coffee shops, BT Hotspots and so on may give you a wifi signal but you may find no mobile signal.

Until a few months ago this was the situation at home. We had good wifi but non-existent mobile signal at times, which made getting codes via sms impossible. The Authenticator app works for us but as I mentioned not all organisations can use it. Fortunately we now have a different mobile network supplier and although the signal comes and goes they do support Wifi calling so we can always get the codes.

Sam Vimes · Jul 5, 2022

Jcloughie said:
To add. The password manager will hold your passwords encrypted on it's own cloud. I think this is the a aspect that make people nervous. But this enables the user to access them from anywhere and my machine.

Not all password managers store your data in the cloud. The subscription services for these products are sold on the basis of cloud storage so that you can sync your passwords across multiple devices.

However, many offer a free version - often after a trial of the full version - that you don't have to store data in the cloud. I use Roboform and its only stored locally. To use across multple devices I manually copy the data files to the other machines.

MS Authenticator isn't that great at Password Management so I only use it for forum log-ins and other non critical stuff. However the Authentication of web sites is really good and doesn't require a network connection.

If you want to store stuff encrypted locally then a good program is Veracrypt. It will create an encrypted virtual drive on your PC which you can then add stuff to. This is where I backup my passwords from Roboform.

JTQ · Jul 5, 2022

Sam Vimes said:
There can be many situations where you can get a wifi connection but no mobile signal. Connecting to a camp site wifi system, hotels, coffee shops, BT Hotspots and so on may give you a wifi signal but you may find no mobile signal.

Yes, but not in our case very often or at all, as I said, I way prefer to tether than get onto wifi networks other than our own. Just feel a bit more secure than using cafe etc wifi, though I suspect more informed contributors will point out errors in that assumption.

Guzzilazz · Jul 6, 2022

Password Managers are the way to go. Nowadays some of the better Antivirus providers do this as an add-on (e.g. Bitdefender). I use LastPass (paid for) which allows me to generate complex passwords, store them and to use them on all my devices... The only password I need to remember is the LastPass master password (which is also a long complex phrase). A typical generated password is:
6WgHpH2uT*BA6pGnj&@zD$vfk
Please note this is not a password I use!

otherclive · Jul 6, 2022

Guzzilazz said:
Password Managers are the way to go. Nowadays some of the better Antivirus providers do this as an add-on (e.g. Bitdefender). I use LastPass (paid for) which allows me to generate complex passwords, store them and to use them on all my devices... The only password I need to remember is the LastPass master password (which is also a long complex phrase). A typical generated password is:
6WgHpH2uT*BA6pGnj&@zD$vfk
Please note this is not a password I use!

I find that some websites don’t allow complex passwords and may have a limited character set. It’s not uncommon to be limited to 8-16 characters with specific requirements on capitals, numerics and symbols. Apple generate strong 20 character passwords but these then cannot be used if the website has a pre designated requirement.

JTQ · Jul 6, 2022

Guzzilazz said:
The only password I need to remember is the LastPass master password (which is also a long complex phrase). A typical generated password is:
6WgHpH2uT*BA6pGnj&@zD$vfk

Personally, now at my age I could not remember a master password half that complex, admirable you can.

Sam Vimes · Jul 6, 2022

I think I've posted this before but if you want to check how good your passwords are then try this web site...

GRC's | Password Haystacks: How Well Hidden is Your Needle?

Password Haystacks: How Well Hidden is Your Needle?

www.grc.com

Guzzilazz · Jul 7, 2022

otherclive said:
I find that some websites don’t allow complex passwords and may have a limited character set. It’s not uncommon to be limited to 8-16 characters with specific requirements on capitals, numerics and symbols. Apple generate strong 20 character passwords but these then cannot be used if the website has a pre designated requirement.

JTQ said:
Personally, now at my age I could not remember a master password half that complex, admirable you can.

LastPass allows you to choose the length and which sorts of characters to use .

That's NOT my master password, I use a phrase where I change characters such as:

L4rryl!k35c4r4v4nn1ng (Larrylikescaravanning)

otherclive · Jul 8, 2022

Guzzilazz said:
LastPass allows you to choose the length and which sorts of characters to use .

That's NOT my master password, I use a phrase where I change characters such as:

L4rryl!k35c4r4v4nn1ng (Larrylikescaravanning)

I think your code for converting symbols and numerics to letters would leave Alan Turing scratching his head. 🤣 Even a Quantum computer might baulk at the challenge.😱

Search

What is it with MIcrosoft

Sam Vimes

Moderator

Buckman

JTQ

otherclive

otherclive

Jcloughie

Jcloughie

Intro to Cyber Security - Online Cyber Security Course - FutureLearn

Sam Vimes

Moderator

Sam Vimes

Moderator

JTQ

Guzzilazz

otherclive

JTQ

Sam Vimes

Moderator

GRC's | Password Haystacks: How Well Hidden is Your Needle?

Guzzilazz

otherclive

TRENDING THREADS

Latest posts