Microsoft Hops On Two-Factor Authentication Bandwagon
itwbennett writes "Following similar initiatives by Apple, Google and Facebook, Microsoft is enabling two-factor authentication for its Microsoft Account service, the log-on service for many of its online and desktop products. Users will find instructions on how to add a second form of authentication on the Microsoft Account settings page. The chief form of secondary authentication will be a short code sent to the user's mobile phone, the number of which Microsoft will keep on file, each time the user logs on."
What does this mean? (Score:5, Funny)
Will I not be able to pirate Win8.1?
Re: (Score:2, Insightful)
Who cares?
Does MS even understand Two Factor (Score:1)
I'm not sure Microsoft actually understands two factor authentication. The description (could be wrong, didn't read the article) doesn't sound like two factor authentication to me.
Re:Does MS even understand Two Factor (Score:5, Informative)
It is 2 factor authentication.
The 3 authentication factors are:
Something you Know.
Something you Have.
Something you Are.
This meets 2 of those factors, a password (know), and your phone (have).
Re:Does MS even understand Two Factor (Score:5, Funny)
It is 2 factor authentication.
The 3 authentication factors are:
Something you Know.
Something you Have.
Something you Are.
And a fanatical devotion to the Pope- Four! Four authentication factors!
Re:Does MS even understand Two Factor (Score:5, Funny)
I certainly didn't expect a Spanish Inquisition joke.
Re: (Score:2)
Four factors: Old, New, Borrowed, and Blue. (Score:2)
2 -- something new,
3 -- something borrowed [wikipedia.org],
4 -- something blue [wikipedia.org],
Wait, isn't that [wikipedia.org] what we were talking about?
Re: (Score:1)
a normal privacy-free human being.
FTFY.
Re: (Score:3, Insightful)
You're thinking of Google.
Microsoft is surprisingly good about privacy. I'm not sure if it's part of MS's culture, or a side-effect of their loss of market leadership. Either way, I find MS to be quite trustworthy with regards to privacy.
MS can be fairly competent when they aren't a monopoly and can't bully others around.
Re: (Score:1, Insightful)
"Scroogled" is just silly marketing. I'm talking about actual privacy. Google tracks and *STORES* everything you do on the internet that touches a Google server. MS does not. That's because that's Google's business model.
And Google is caught, constantly, repeatedly, and without remorse, doing bad things with people's private data.
But, no, MS follows the laws of other countries? OMYGOD! Guess what: Google does as well. They have to. It's (duh) the law.
Re: (Score:2)
Oh, now, that's simply not true. Google may not feel any remorse about what they've been caught doing, sure, but they clearly feel great remorse over being constantly and repeatedly caught.
Re: (Score:1)
Because Google gives out geek toys and speaks nerd.
Which would be wonderfully fantastic, if it wasn't a trojan horse.
Re: (Score:3, Funny)
Yes. Microsoft, who hires thousands of the best developers including elite Ph.D researchers and pays them large sums of money doesn't know what two factor authentication is.
You cracked the case, Murder She Wrote.
Re: Does MS even understand Two Factor (Score:4, Informative)
Re: (Score:2)
http://www.youtube.com/watch?v=asNHCGYb9AA [youtube.com]
Re: (Score:2, Troll)
Re: (Score:3)
I suspect they understand what two-factor authentication is quite well, and that is the reason that their label for what they are doing is "two-step authentication", which is only confusingly similar to "two-factor authentication". They very carefully do not actually call it "two-factor authentication".
Two-step *NOT* Two-factor (Score:4, Informative)
The new option Microsoft authentication approach, as they describe [technet.com] it, is "two-step authentication", not "two-factor authentication". And, while the correct choice among the options they provide might make it two-factor authentication, they don't seem to focus on that in any particular way.
Two-factor authentication is "something you have and something you know" (commonly, the something you know is a password, the something you have is a device generating confirmation codes.) The options for the second step in authentication (password is the required first step for Microsoft accounts) include a code sent to an email address on file, making it "something you know" (your Microsoft account password) plus "something else you know" (the password to alternative email.)
(Plus, since it's sent through regular plaintext email if you are using that option, the second "step", in that case, relies on you supplying back information that Microsoft sends you over a completely insecure channel.)
I understand the *convenience* offered by the alternative to actual two-factor authentication here, but I don't understand why this is done since the convenience in "two-step" authentication that allows you to choose for it not to be two-factor authentication defeats the entire purpose of not using simple one-factor authentication.
Re: Two-step *NOT* Two-factor (Score:2)
Re: (Score:1)
If you store your password on your phone then you aren't using this correctly. You say you use RSA tokens, and you consider that 2-factor. If some user chooses to write their user name and password on the back of the RSA token then THAT USER is using it incorrectly, NOT you. The same situation applies here for Microsoft, if you choose to store your password on the same token generating device then you broke it, not Microsoft.
Re: (Score:2)
The system that MS describes requires you to know two static pieces of information. Yes the second piece was sent to your phone via an unsecured connection. It doesn't require that you actually have the phone. RSA tokens require you to have the token for two minutes or so. After that any information you have copied is useless.
If some user chooses to write their user name and password on the back of the RSA token then THAT USER is using it incorrectly, NOT you. The same situation applies here for Microsoft, if you choose to store your password on the same token generating device then you broke it, not Microsoft.
A user choosing to be callous with the secret information that they know is a red herring. It doesn't change the fact that they were required to know it. Just like some two-facto
Re: (Score:2)
I have a Microsoft account. The password for this account is only in my head, it is not stored on my phone anywhere. I don't use the account for email so it isn't stored for later. If I want to log in to MSDN from my desktop under this new system I need to use my password from my head, and I need to have access to the phone to receive the code sent to it via SMS. If someone swipes my phone they can not get in to my account because the password is not stored on it. If someone finds my password they can't get in without my phone. That sure sounds like 2 factor authentication to me.
By definition: Two factor means two different ways to authenticate not two different pieces of information. A username and password is not two factor. Adding a secondary code that you are required to know is still not two factor. For most systems what you know and what you have are the most common. A key fob, RSA token is commonly a second factor. A third factor is who you are (like DNA/eye scans). What MS describes is a second code. It is still not two factor. Now they deliver the code via an une
Re: Two-step *NOT* Two-factor (Score:2)
Re: (Score:1)
The new option Microsoft authentication approach, as they describe [technet.com] it, is "two-step authentication", not "two-factor authentication". And, while the correct choice among the options they provide might make it two-factor authentication, they don't seem to focus on that in any particular way.
Two-factor authentication is "something you have and something you know" (commonly, the something you know is a password, the something you have is a device generating confirmation codes.) The options for the second step in authentication (password is the required first step for Microsoft accounts) include a code sent to an email address on file, making it "something you know" (your Microsoft account password) plus "something else you know" (the password to alternative email.)
(Plus, since it's sent through regular plaintext email if you are using that option, the second "step", in that case, relies on you supplying back information that Microsoft sends you over a completely insecure channel.)
I understand the *convenience* offered by the alternative to actual two-factor authentication here, but I don't understand why this is done since the convenience in "two-step" authentication that allows you to choose for it not to be two-factor authentication defeats the entire purpose of not using simple one-factor authentication.
According to the article the message is sent to your phone via Text Message, NOT email. This means you have to physically have access to the phone to receive the message. Combine this with your password and that sure seems like 2 factors to me.
Re: (Score:2)
Both TFA [1] and, more importantly and more explicitly, the actual Microsoft announcement [technet.com] [2] linked in TFA on which TFA is based note that users have the option of using either a secondary email address (to which email is sent) instead of a mobile phone number (to which SMS is sent) for the "second step".
[1]: "Microsoft is using additional verification methods such as a short code sent to the user's mobile phone, which
Re: (Score:1)
Just because the user doesn't opt to use the true 2 factor for authentication doesn't mean Microsoft doesn't allow it.
In the past 2 factor authentication was not available, after this change it is. I'm not trying to address end user usability, just the fact that the post I originally responded to tried to claim that this solution doesn't really offer 2 factor authentication when it clearly does.
Re: (Score:2)
Sure, but the fact that Microsoft calls it something confusingly similar and enables modes of operation for its "two step" system that aren't 2 factor auth, and doesn't do anything to draw attention to the security differences between the options that are two-factor auth and those that aren't, means that lots of people are going to be misled into bad choices.
It's good for those who already un
Re: (Score:2)
two factor authentication requires two factors to authenticate. From the MS piece this reads like Apple's recent enhancement and it is *not* adding two factor authentication to your MS (or Apple) account. Rather it revises the account recovery process to, in principle, better protect an account from being "stolen" via social engineering. Great, that has some utility. But two factor authentication it is not.
To be clear: two factor authentication for the account would be if two separate factors were required
Re: (Score:1)
Once again, it DOES use 2 factors. Your password, which should only be in your head, and physical access to the phone to receive the text message containing an access code. I don't understand why this is so hard for people to grasp.
Re: (Score:2)
It's fairly similar to Apple's new option which isn't two factor (and Apple doesn't call it that), but is widely *reported* as being "two factor". In the case of Apple, you can secure your account against normal password recovery attacks (e.g., a social engineering call to Apple support with a bit of personal information gleaned from Facebook). And while that may have some utility for some people it is definitely /not/ two factor authentication.
Re: (Score:3)
Two step and two factor are two terms used for the same thing. Virtually all two-factor authentication mechanisms work via two steps -- that includes hardware token, software token, biometric, etc ... In fact, it's *extremely* rare for a two factor authentication to be single-step.
The differences you're talking about are not even being pedantic, they're also irrelevant to the fact that it's two factor/step.
Re: (Score:3)
Sure, two-factor necessarily is two-step (since providing each factor is a step), but not all things that use two steps are also two-factor (just as all humans are mammals, but not all mammals are humans.) And, while if you choose the authenticator option (and, with some substantial caveats, arguably also the SMS option), the Microsoft two-step process can be a two-factor system, it also includes one option (the email option) which is unm
I have a land line, you insensitive clod (Score:1)
"The chief form of secondary authentication will be a short code sent to the user's mobile phone"
Some people don't have $400 per person per year for their own mobile phone. Instead, they share a house phone. Since when can land lines receive text messages?
Re: (Score:1)
Re: (Score:2)
30 buck Nokia with pre-paid SIM? Where do you live that you can't afford a basic cell phone?
Besides, you can generate the required codes:
http://en.wikipedia.org/wiki/Google_Authenticator [wikipedia.org] - available for nearly every modern computing device.
Balance expiry; cost to receive texts (Score:2)
pre-paid SIM
Each U.S. carrier that I've looked at will expire the balance on a prepaid mobile phone account if the user doesn't top up regularly. And in the United States, the receiver pays 20 cents to receive a text message unless the receiver is on a monthly unlimited texting plan. Having to pay the carrier a dollar every five times I log in to anything that uses a Microsoft account could add up quickly.
Re: (Score:2)
"The chief form of secondary authentication will be a short code sent to the user's mobile phone"
Some people don't have $400 per person per year for their own mobile phone. Instead, they share a house phone. Since when can land lines receive text messages?
So? If you don't have something, you can't use it. This is simple. You constantly seem to think that because something costs money, it's useless because there exists somewhere a person who can't afford it.
How does that make any sense? What product in the world lives up to that criticism?
Why constantly feel the need to knock things down that add value to the world? If you don't have a cell phone, you can't use this, but that it exists means that the billions of people that do have a cell phone can. The cell-
Mandatory 2-factor authentication (Score:2)
If you don't have a cell phone, you can't use this
As of right now, "this" means the 2-factor authentication for a Microsoft account. Perhaps my paranoia comes from a fear that Microsoft might make 2-factor authentication mandatory.
Re: (Score:1)
If you don't have a cell phone, you can't use this
As of right now, "this" means the 2-factor authentication for a Microsoft account. Perhaps my paranoia comes from a fear that Microsoft might make 2-factor authentication mandatory.
But they haven't. Quit hanging people for things they *can* do, but *haven't* done.
Why live in fear of the infinite possible bad things that can happen? Very few of them ever actually come to pass. You're letting things that don't exist, and never will exist, limit your life. And what's worse, you constantly advocate against others using those things as well, asking them to make their lives worse too.
For what? The non-existent? How dreadful!
Excuses to get phone numbers (Score:5, Interesting)
If MS really cared that much about security they would offer the use of client certificates. Much more secure than SMS.
Judging by what passes for acceptable practice today my guess is this is all likely all effectively a moot point as convenience password recovery measures effectively curtail actual security gains.
Re: (Score:2)
What if "security" is not the main goal of the change? Knowing your phone number goes a long way to identifying who you really are. It is unlikely that you have an alias associated with your cellphone account.
Re: (Score:2)
client certificates are a retarded system for users, they only result in a user not using anything. That is like giving someone a 10 pound sledge hammer to push in a thumbtack.
Why? Import a pk12 file into a browser takes seconds. What is the big deal?
Re: (Score:2)
client certificates are a retarded system for users, they only result in a user not using anything. That is like giving someone a 10 pound sledge hammer to push in a thumbtack.
Why? Import a pk12 file into a browser takes seconds. What is the big deal?
And when you use a different browser, say while at a friend's house?
Re: (Score:2)
And when you use a different browser, say while at a friend's house?
There are corner cases for all solutions including passwords. Security is fundamentally a tradeoff.
Last time I used someone else's computer to login to anything was 10 years ago. I would argue using a "friends" or otherwise untrusted guest computer is insecure and unwise.
Client certs are one of the few viable options to provide cryptographic binding of identity to session encryption.
Re: (Score:2)
And greatly degrades the usability of things like webmail (what's the point if you can only check it from one place?). Or consider it's also tied to Xbox Live, you MIGHT want to access your account for a cloud saved game, or play a game you bought that your friend doesn't.
There's probably other services as well - like MSDN/TechNet that ar
Re: (Score:2)
Last time I used someone elses computer to login to anything was 10 years ago. I would argue using a "friends" or otherwise untrusted guest computer is insecure and unwise.
I posit that the majority of webmail users have used someone else's machine to check their e-mail within the last year. I know I have. In addition, for me, there's the fact that I have too many machines, and change machines too often. Right now, for example, I authenticate to Google regularly from a MacBook Air, two Ubuntu desktop machines, two Chromebooks, two tablets and a phone. Having to manually propagate a .p12 file to all of these would be enough of a pain that it might deter me using stronger authe
Re: (Score:2)
I posit that the majority of webmail users have used someone else's machine to check their e-mail within the last year. I know I have. In
If you don't care about security then why would you bother enabling two-factor authentication in the first place at all?
I am not advocating this as the only solution suitable for everyone's needs. My only observation is the option should be made available for people who care about security.
addition, for me, there's the fact that I have too many machines, and change machines too often. Right now, for example, I authenticate to Google regularly from a MacBook Air, two Ubuntu desktop machines, two Chromebooks, two tablets and a phone. Having to manually propagate a .p12 file to all of these would be enough of a pain that it might deter me using stronger authentication at all. Heck right now I have a new Chromebook that I've had for a week and still haven't gone through the process of installing a certificate needed to allow it on the corporate network. It's a simple process, but it's enough of an obstacle that it deters me.
Clicking on a file is not a big deal no matter how many computers you have.
If you don't want to exert the effort that is your prerogative. Nobody is forcing you or saying you must only use client certs. Certainly not
Re: (Score:2)
Also, using certificate-based authentication is that it makes the "something you have" your computer, rather than a separate device. There are threat models in which that's a better solution than having your phone be the second factor device, but there are also models in which it's much worse.
This is a dangerous illusion we've seen exploited ad nauseam (e.g. token cards) If you don't trust your computer then using it anyway is completely nonsensical.
Re: (Score:2)
Also, using certificate-based authentication is that it makes the "something you have" your computer, rather than a separate device. There are threat models in which that's a better solution than having your phone be the second factor device, but there are also models in which it's much worse.
This is a dangerous illusion we've seen exploited ad nauseam (e.g. token cards) If you don't trust your computer then using it anyway is completely nonsensical.
Trust isn't boolean. There are many different ways some portions of your computer might be compromised in a time-limited way.
Re: (Score:2)
You mean export? Only you are allowed to have your private key file, so the browser needs to generate it (unless you are going to install openssl and do it manually). You then export your public key file, and send that to Microsoft.
Or do you suggest some kind of broken model where Microsoft generates the key that only you are allowed to ever have a copy of, and sends it to you through some insecure communication medium like the internet or phone network?
Both options are completely acceptable to me. At some point you would have had to create an account using some pre-existing trust relationship. This is typically done online using an SSL session with trusted roots stored in a browser. At this point when you are sending your passwords and all associated data to the remote server if the server wants to send you back neat file with public/private key pairs I have no problem with that.
The only reason for having the client cert is to provide strong identity to
Only kinda-sorta new ... (Score:3)
Microsoft Accounts have supported two factor authentication for "sensitive" actions for quite a while -- adding trusted PCs, changing billing methods, resetting passwords, etc ...
Two things new with this:
- The ability to set the account to require it at login for normal authentications
- The ability to use 3rd party token applications (like Google Authenticator) for the tokens, instead of SMS.
So? They do this regularly! (Score:1)
Microsoft is constantly hopping on bandwagons. It gets them free advertising. They don't care that a good chunk of the population points out that they do things poorly, mislabel things, intentionally name things wrong, break standards, break other products, etc... They care that you are talking about them.
Every other week we read about MS hyping some other bullshit they think they invented. Most laugh at them, a few fanbois run out and buy what ever they are hawking, but most importantly we all see their
All these authentication measures want my cell (Score:1)
All of these authentication measures seem to want my cell phone.
I don't have one, and you can phone me when Hades freezes over.
Re: (Score:2)
Ditto on the above. It's bothersome enough that they have the presumption that I have one BUT worse, once they have it, they can add automatic tracking of my location to their database if I have location services enabled on the phone. AFAIK, that's open all the time the phone is on -- unlike, 'theoretically', the emergency location transponder that is enabled when you use emergency services.
Isn't such tracking considered a feature for those using the phone to take location-labeled pictures?
Bullshit. (Score:2)
It's a trade-off between either the extra security of two-factor authentication, or the convenience of linking more than one account to be able to switch between them with ease. Why can't Microsoft follow Google's lead and give us the ability to both log in securely and stay logged in to multiple accounts at the same time? It's irritating enough to have to log out and then log back in with the other username/password, and the "stay logged in" check box is fucking useless when you have to log out every god
Re: (Score:1)
Re: (Score:3)
Maybe in your world but not in mine. Reception where I live sucks. Bandwidth is barely acceptable and a mobile is practically useless. I do not own one and while telcos continue to screw us and the governments charge exorbitant fees for what is essentially nothing (go on - define spectrum) I'm waiting for something that provides me with ACTUAL value.
Yes, and the Amish don't watch porn on the internet.
There are always exceptions to any rule when it comes to human beings.
Re: (Score:2)
This isn't really two-factor auth. If someone steals your phone, you are screwed.
Something you Know (password).
Something you Have (phone).
Something you Are (doesn't do this yet).
Sounds like it's meeting 2 different factors of authentication to me.
Re: (Score:2)
Re: (Score:2)
Unless of course the phone is used to access the email with a stored password, which is the typical use case with phone email access.
Unless the user doesn't store their password on the phone. Then it IS 2 factor. The user doing something by their choice doesn't negate the fact that this is 2 factor authentication if used "correctly".
Re: (Score:2)
Re: (Score:1)
Unless you don't have a phone lock password, in which case you are explicitly stating that you don't give a shit about security at all...
Re: (Score:2)
Re: (Score:1)
First of all, you merely just repeated what I said with regard to specifying if the user does or does not store passwords. Now, here is a quiz for you. I already have my phone set up to remember my email address. Without deleting and recreating the account in the mail client, how do I tell it to forget the stored password? Furthermore, people keep their password stored on the phone for a reason. A good password is a royal pain in the ass to type in manually on a smartphone.
The first rule of good password use is that you don't write it down or store it anywhere. If you store your password on your phone then YOU are sacrificing some security in exchange for convenience. The exact same thing happens if a user writes their password on the back of a physical SecurID token, yet those tokens are considered part of a 2 factor system. In any security system the users are the weakest part. Even 2-factor systems can be broken by the bad practices of the users.
Re: (Score:2)
Re: (Score:1)
Your post has nothing to do with the actual conversation.
Ok, please tell me which of the following statements are wrong and why.
1. This system requires the user to enter a password.
2. This system can be configured to require the user to enter a code sent via SMS to the user's phone.
3. A password is an authentication factor.
4. Physical access to an object is an authentication factor.
5. 1 + 1 = 2
Re: (Score:2)
Re: (Score:1)
#5 is wrong. You used addition when you should have used multiplication. The system that requires the user to enter a password is the same as the system that the user must have. That is 1 system, not two. 5 Should read: 1 * 1 = 1
No it isn't. I don't store my Microsoft password on my phone. My Microsoft password exists only in my head, as a properly used password should. Just because YOU CHOOSE to store your password on the same device as your token does not mean that it isn't 2-factor authentication. It sounds like you are using 2 factor authentication wrong, not Microsoft.
Re: (Score:2)
Are you some kind of moron? My phone isn't a token. That is the whole point. The standard use case is for passwords to be stored on the phone. Everyone does it, because one would be a moron not to do so. It would break the entire mobile email system. Hey, I'm about to do a 10 minute check to see if you have email now, please enter your password again! If you want a token you need a separate system. Good luck learning the basics of c
Re: (Score:2)
Re: (Score:2)
I didn't say they didn't implement it. It is merely that they have broken functionality.
Re: (Score:1)
I still wouldn't mind so much here - the number of people that can access the account is restricted to exactly 1 since only one person can possess the phone at any given time. Unless someone wants to sit there and field passcodes to everyone that wants to hack the account, but this would be painfully slow.
Besides the carrier would reissue the phone and disconnect the old one with good ID and it's fairly easy to prove that you're paying the phone bill anyway.
Re: (Score:2)
Authorized computers don't need extra verification and they'll probably have the printable one-time-code pads, like Google. Nothing keeps you from using any RFC 6238 passcode generator, like those on this list, [wikipedia.org] on a second device (as you can see there's plenty to choose from) - it's just a matter of inserting the same code in all your generators.
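The RFC 6238 behaviour the comment above relies on, as an added example that is not part of the original thread and is not Microsoft's or Google's code: two generators seeded with the same secret produce the same code, and the server accepts it within a small drift window but only once. The secret is the published RFC 6238 SHA-1 test key; the `Verifier` class and `device_code` helper are hypothetical names chosen here.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step, the RFC 6238 default

# Published RFC 6238 test key for HMAC-SHA1 (not a real account secret).
RFC_SECRET = b"12345678901234567890"
# Authenticator apps are normally provisioned with the secret in base32.
SECRET_B32 = base64.b32encode(RFC_SECRET).decode()


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks the window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // STEP, digits)


def device_code(secret_b32: str, unix_time: int) -> str:
    """What any generator app does once the base32 secret is entered."""
    return totp(base64.b32decode(secret_b32), unix_time)


class Verifier:
    """Server side (hypothetical): tolerate clock drift, refuse replays."""

    def __init__(self, secret: bytes, window: int = 1, digits: int = 6):
        self.secret = secret
        self.window = window      # accepted drift, in time steps
        self.digits = digits
        self.last_step = -1       # highest step already consumed

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // STEP
        for step in range(now - self.window, now + self.window + 1):
            if step <= self.last_step:
                continue          # negative or already-used step: skip
            expected = hotp(self.secret, step, self.digits)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    t = 59  # constructed timestamp, taken from the RFC 6238 test table
    phone = device_code(SECRET_B32, t)
    tablet = device_code(SECRET_B32, t)
    print("phone :", phone)
    print("tablet:", tablet, "(same secret, same code)")

    server = Verifier(RFC_SECRET)
    print("first use :", server.verify(phone, t))
    print("replay    :", server.verify(tablet, t))
    print("stale code:", Verifier(RFC_SECRET).verify(phone, t + 2 * STEP))
```

Every generator holding the secret counts as the same "something you have", so each extra copy is one more device to protect.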
Re: (Score:3, Informative)
Unless you're a Microsoft developer, what would anyone want a "Microsoft account" for? Hotmail?
windows live (PC gaming). Xbox gaming. Hotmail.
Re: (Score:1)
Steam, Battle.net, Gmail.
No Microsoft in sight!
Re: (Score:2)
windows live (PC gaming). Xbox gaming. Hotmail.
Steam, Battle.net, Gmail.
Both Steam (for Valve and those who publish through Valve) and Battle.net (for Blizzard) are primarily for games in mouse and keyboard genres, as I understand it. Other than Xbox Live, what service caters to gamepad gamers?
Re: (Score:2)
I wouldn't want to play Mega Man or Metroid with a keyboard and a mouse.
Mega Man, Metroid, and New Play Control (Score:2)
Re: (Score:2)
1. Mega Man Legends was one of the worst games I've ever played.
2. Anyone who considers 2-D games "relic" isn't worth arguing with.
Help me build the counterargument (Score:2)
Anyone who considers 2-D games "relic"
It's not that games with 2D graphics are "relics". It's that gamepads are allegedly "relics". The most popular mobile gaming platforms today are iOS and Android, and those ship with a capacitive multitouch screen. A lot of popular touch-oriented games, such as Angry Birds series, use 2D graphics. So do plenty of mouse-driven Flash games on Newgrounds. Other than 2D platformers and fighting games, whose popularity compared to other genres has waned, what genres really need a gamepad?
isn't worth arguing with.
Yet pointing device advoc
Re: (Score:2)
Why not? How is the Wii-mote any different than a mouse? And the keys on the Wii-mote are pretty much like a keyboard. The newer editions of Metroid have you aiming by pointing the Wii-mote, this is not much different than any other FPS on the computer. It would be much easier to use a keyboard/mouse than the Wii controllers.
Re: (Score:2)
I was obviously referring to Metroid and Super Metroid. Trying to play Metroid Prime with a gamepad like the ones on the PS3 or the Xbox360 would be a nightmare.
Re: (Score:1)
Time to upgrade to a real control scheme then.
Or, you know, not limit yourself out of silly fanboyism.
Games that are on 360 but not on PC (Score:2)
I don't think very many genres benefit from having controller support
In light of someone's recent post about what he perceives to be the reality of the video game market [slashdot.org], I've been doing a bit of research into what makes a game better with a controller than with a pointing device. Any game where the player controls one character on the screen that moves and jumps would benefit from a gamepad. Platformers and fighting games are the big ones, and I'm not sure how well the Zelda games for DS worked with pointing-device-only control.
if the game supports a controller on the xbox/ps3 then it probably does on the PC as well.
Mortal Kombat (2011) doesn't support a contro
Re: (Score:2)
Yes, I think we know that there are alternatives to Microsoft. The original question was why would you want to use a Microsoft account. It's self evident that it would be for Microsoft services.
Re: (Score:3)
Re: (Score:2)
I have one for downloading apps onto my Windows Phone.
I'm pretty sure that's illegal in slashdot-world.
Re: (Score:1)
Unless you're a [insert company name] developer, what would anyone want a "[insert company name] account" for?
Re:Microsoft has accounts? (Score:5, Informative)
Unless you're a Microsoft developer, what would anyone want a "Microsoft account" for? Hotmail?
Skype, Hotmail, Live properties, Xbox Live, Messenger, Windows 8 users with linked accounts, Skydrive ...
Microsoft has more individuals with accounts than anyone else, by far.
You may not have one (although, even if you were 100% Linux, unless you've never used Skype, you do have one), but virtually every other person with a computer does.
Re: (Score:2)
Hotmail/Outlook webmail, Xbox Live, Windows 8 sync features, SkyDrive, Office 365, Messenger/Skype, MSDN/Technet, online Microsoft store, and I'm sure there's a few more obscure things.
Re: (Score:1)
I don't think you understand the question. He means, why would anyone want to use a product that he doesn't use?
He doesn't use those things, ergo no one else should either. It's the Slashdot way.
Re: (Score:1)
when i can have Bills, Balmers, Larry, Sergei and the rest of the executives
maybe someone should start a website with this information, if you have nothing to hide..........
Go get a free Google Voice number that you only use to receive the text messages on.
Re: (Score:2)
Go get a free Google Voice number that you only use to receive the text messages on.
From the signup page:
What alternative to Google Voice do you recommend for people outside the United States?
Re: (Score:2)
What alternative to Google Voice do you recommend for people outside the United States?
Baidu Voice! But all calls are screened to make sure you only say nice things about the Chairman.
Re: (Score:2)
Re: (Score:1)
William Shatner? Or the Japanese guy?
Re: (Score:2)
Google added the USB-dongle called the YubiKey, which is "something you have" that can squirt a code for a second factor. I prefer not using my phone number either. There are other OpenID solutions possible as well-- that are datum-based, rather than some other ID field that ought not to be distributed.
Re: (Score:2)
Google also has the "Google Authenticator", which DropBox also uses. It's free, open-source, and multi-platform. It would have been nice if they had it as an option, as it works quite well (nice for SSH as well).
Re: (Score:2)