I don't want a passwordless experience. This is not an experience and it really irks me when I see Microsoft commit itself to doing some fanciful fluff on some fanciful concept that just has potential for abuse and security problems at my expense.
How can not having any password and instead leaving the gatekeeping to either some Microsoft policy or setting which means it is now a setting that any relevant Microsoft employee will be able to control?
Isn't the best form of gatekeeping a password I conjured myself in my mind that nobody would know? That they can guess but if they wanted to - they will have to spend time decoding it bit by bit, like encryption?
We used to get warned not to write down our passwords on paper in case they get stolen by someone - well, then they would have to steal it first, wouldn't they? And guess which username and what purpose that password is used for - is it banking, an email account, etc.
And yet now, you have the feature of asking us to save both our usernames and passwords in the system together - a feature offered as a good thing, a convenience? You actually have someone in the ranks of Microsoft suggesting this? And people approving it - and oddly no one, from business teams, managerial, compliance, legal down to software engineers - nobody had the sense to raise the same concern I have?
Together with some strange option to let you check this against hacked databases where again, I ask - where are these hacked databases and if Microsoft clearly has some regular sources they check for such violations, why aren't they just calling the cops to pin down where these databases are like how illegal hosting sites are hunted down?
Banking PINs are still sent out with the same warning to change it to our own personal one quickly and dispose of it ASAP - don't keep it around. At least if I keep it lying around at home, if someone is stealing it - it's got to be someone with access to my apartment.
Isn't what you're doing a thousand times worse than writing not just one, but all my passwords on a piece of electronic paper and leaving it somewhere out of my house, out of my sight and control and serving it up on a silver platter to someone who might one day steal it? You're asking users to do exactly that but together with the username and records of where we used that so there's no need to even guess what account the username/pass is for if a lucky stealer gets their hands on it.
And you're asking us now to keep that paper electronically on our computers and in your databases where we have no control over who accesses that in your corporation and frankly, neither does Microsoft cuz who knows when & which employee will get itchy fingers?
What is going on here - do you think your users are imbeciles?