Coffeehouse Post

Single Post Permalink

View Thread: Windows ID and Hackers
  • User profile image

    A pin is just a very insecure replacement for passwords. Not really worth discussing, IMHO.

    I wasn't aware that Microsoft Accounts provided one time codes like that. That is a form of two factor authentication that's a step in the right direction, though I think Google two factor authenticatin (via TOTP) is better. However, either form has usability problems that mean people just aren't going to use them. I want to see that addressed.

    Edit: actually, after having read about "one time codes", I'm not sure they could be considered two factor, and I honestly don't see how they add much security. The description (found at makes it sound like you can obtain the code without using your password. This means it's one factor, not two factor. You authenticate with something you have (your phone) instead of with something you know (your password).