Coffeehouse Post

View Thread: Windows ID and Hackers
    I'm sure most of you have read about the "epic hack" of an (ex-?) Gizmodo employee this last week. It's probably been discussed already on here, I just haven't searched for it. I don't want to discuss this particular hack so much (which is why I didn't search), but rather the implications with regard to Live ID (or Windows ID or whatever name it's getting with the rebranding of everything).

    I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can't put a price on.

    Live ID has already grown to be much the same thing, but it's going to be much worse with Windows 8, where people use it to log on to their computers and control pretty much everything "in the cloud" surrounding apps on Windows 8, Windows Phone and even Xbox. The slogan should almost be changed to "three screens, the cloud, and one set of credentials". This is dangerous and scary, to be honest.

    Microsoft needs to address the problems here. Two-factor authentication is, I think, a minimum requirement. A solution like Google has already would be a good first step, but it has problems. The necessity to enter in a randomly changing numeric code in addition to your user name and password, and the things you have to do to manage applications (like e-mail programs) that don't understand two-factor authentication, make it a pain to use. Any pain (aka friction) here, and you know most users won't use it, and thus are at great risk. We need to make two-factor authentication easy and painless for users and developers. This means API support, OS support, software support (like web browser integration) and hardware support. Rather than having to type in those digits, users should be able to use Bluetooth, NFC, USB and/or some other mechanism to quickly and easily provide this second factor.

    At a minimum, I want to hear that Microsoft is providing some sort of two-factor authentication in the very near future. I'd much prefer to hear that they are also trying to address the pain points of two-factor authentication for the future... and hopefully are doing so in a way that can be standardized across the industry.

    Charles, can we get any kind of feedback from Microsoft about this topic?