@glyph Did you quote post something?
-
@glyph I vaguely recall that microsoft has a company-wide mandate enforced by performance evaluations for all employees to "improve security". considering that security is a purely additive concept, it stands to reason that every new "two" factor challenge "improves security"
@aeva In all seriousness the fact that it seemed to still use push-notification MFA and emailing both links and codes even after provisioning passkeys, I do not know that I could have designed a better conditioning scenario for alert fatigue to ensure users are maximally primed to get phished as easily as possible
-
@aeva like mcc and I have a bit of a nuanced ongoing quibble about the value of phishing resistance and thus of passkeys. but it’s like this system was engaging in some kind of contest to figure out how to get all the UX complexity and unpleasantness of passkey auth but with a strict requirement that it must remain trivially phishable
-
@mirth bummer :-(. the migration window was open for like … 10 years, but my spouse also almost missed it, and only caught it by luck. she either didn’t get, spam-trapped, or didn’t read the relevant migration spam and she only noticed that she needed to do a manual migration because she happened to get a new machine and thus lost her old-style auth cookie a few months before it closed forever
@glyph It's pretty dishonest and probably breach of contract but in the US this tends to be how things go.
-
@glyph@mastodon.social @xgranade@wandering.shop they say tragedy + time = comedy, but this thread also suggests that tragedy + a montage cut = comedy because
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph I've had the immense displeasure of having to use sharepoint recently and it's truly a russian roulette of whether or not I'll be able to access a document I had access to the day before. hilariously the most reliable way to regain access is to *clear* cookies, aka logging out??
-
@nebulos oh yeah up until about 8 months ago, I had to manually clear cookies on 10 different domains in order to even be able to log in on macOS safari. not obviously connected domains either. I had a whole checklist. it’s been a big upgrade to be able to auth without using dev tools
-
@nebulos to be clear I am not doing a bit here, this is 100% literal. I have no idea why my account was in this state for years while most aren’t; I do know *most* aren’t
-
@glyph everyone I know who uses sharepoint has at least a *little* bit of this problem, even if it's not quite so bad as 10 domains but idk wtf's going on at microsoft - I've seen more sensible engineering in my toilet bowl
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph … and woe betide you if you have the misfortune to both (a) be a teacher in a school system that uses MS infrastructure, and (b) have children studying in the same school system. This appears to be a use case that MS authentication is unable to account for. It doesn’t matter what you’re trying to do - you’re logged into the “other” system, and trying to correct things only makes things worse. Incognito browsing and/or completely separate browsers appears to be the only solution.
Ask me how I know.
-
if this is how most people encounter passkeys it’s no wonder that they fucking hate them. it feels like getting tricked. because it is getting tricked. I was tricked
@glyph this exact trick is why I won't use them.
(My daily driver is a windows machine. It's got this slime at the os level)
-
the folks trying to get open source developers to boycott github are barking up the wrong tree. just get an agent hired at microsoft who internally advocates to remove unnecessary duplication in the login systems. get a promo out of it, it totally makes business sense. require every current github user to use login dot live dot com. 50% marketshare reduction within the year, I guarantee you
Two things.
1) Who is there bullying developers to boycott it? WTF?!? That sounds a bit extreme considering the platform is getting more and more annoying to use all by itself by the day...
2) I'm surprised that Microsoft hasn't forced GitHub to use Azure AD for Authentication by now too...
-
@Shivaekul in our case, we probably *do* actually want the parent in question to have their own separate copy of minecraft, and so this is more of an abstract question, but I *do* imagine it will become practical soon, which is: *is* it possible to move a Minecraft purchase to a different Minecraft account? Based on the "xbox", "minecraft", and "microsoft family" information architecture I have to assume that if this is possible I'll find it on Outlook Dot Com somewhere
-
@glyph guests tried to play XBox today. Neither I nor my adult child were able to get them in to play.
-
@glyph my experience of using passkeys is that if by fantastical chance every single element of the software stack I'm using is compatible, then I'll randomly get a pop-up asking if I want to log in with a passkey instead of having my password manager autofill the password. There's no time savings. And it still wants a six digit code afterwards.
Last week one of my accounts, which previously did the passkey prompt, started instead prompting me to "touch my Yubikey". I don't have a Yubikey. I've never used a Yubikey for any account. But there's no option to click to contradict the software's assumptions. (Also, most users would have absolutely no idea what a Yubikey is or why you would touch one.)
My experience of using passkeys is strictly worse than a normal password manager. Plus, it's easy to understand how a password works, whereas it seems like I'm not allowed to understand passkeys, or at least nobody is interested in trying to explain it to build user confidence that they're secure, you're just expected to believe in the magic. Engineers who have only ever used top-of-the-line Apple products and never shared devices with another person took a formidable problem (password reuse) and invented a treatment that is significantly worse than the disease.
-
@glyph encountering a passkey on an iPhone is a way better experience than encountering it on windows. Even still the UX is a giant mess across the ecosystem.
(Insert rant about discoverable keys)
I do hope we sort this out, but it feels like an uphill battle
-
@cthos this whole experience was on apple devices but there is only so much that can be mitigated
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph this is why I try my best to avoid anything made by Microsoft. It's not just the authentication system, EVERYTHING they do is like that
-
@cthos this whole experience was on apple devices but there is only so much that can be mitigated
@glyph *sigh* I am going to have to put up a rant one of these days about all the little annoying UX foot guns aren't I?
-
if this is how most people encounter passkeys it’s no wonder that they fucking hate them. it feels like getting tricked. because it is getting tricked. I was tricked
#pluralistic describes it as the "fat-fingered economy" portion of surveillance capitalism.
They deliberately redesign interfaces to increase the chances of clicking on the wrong thing.
Linking phones to identities to laptops to home appliances to home addresses to email to bank accounts & credit cards to passports & driver's licenses...
Connecting games accounts to social media accounts to college accounts...