Microsoft hides option to use Windows 10 with a local account - GDPR violation?

[Jito463]

5 hours ago, Kisai said:

The only thing holding back passwordless logins is that desktops often lack all the features necessary (camera, fingerprint sensor, tpm, mobile phone, security key) , meanwhile laptops, mobile phones, and iMac's have them.

Not my laptop.  I literally unplugged the webcam.  It's physically unplugged and can never be accessed, unless I plug it back in.

[mr moose]

9 hours ago, Kisai said:

1980's IBM would beg to disagree. The "open PC" was genuinely a fluke due to the way copyright law was written then, and it's the same reason why you can modify your computer/phone/car/game console and not have the company sue you for doing so. There was never an "open Mac" because the mac firmware was part of the operating system, making something compatible with the pre-OSX mac was simply never going to happen in a clean room.

 

Had Compaq never existed, and did it exactly how they did it, there would not be a "PC" platform today. Hell, the PC platform would look like the consoles today. You can only buy software that is blessed by the publisher.

 

Microsoft can't stuff that genie back in the bottle with Windows anyway, since it would break 30 years of software, because we've had 32-bit hardware since 1987. Microsoft won't get a chance to change this unless they decide to cut 32-bit support from Windows entirely.

 

Remember the Pentium III Processor serial number? The TPM / T2 modules in PC's today is just the evolution of that scheme.

 

https://www.microsoft.com/en-us/microsoft-365/blog/2018/11/20/sign-in-to-your-microsoft-account-without-a-password-using-windows-hello-or-a-security-key/

 

This is why they push this stuff. The only thing holding back passwordless logins is that desktops often lack all the features necessary (camera, fingerprint sensor, tpm, mobile phone, security key) , meanwhile laptops, mobile phones, and iMac's have them.

 

It's only a matter of time before websites start refusing access entirely if you don't login with a passwordless mechanism. Right now it's kind of a stupid mess, where mobile phone apps for banks "save time by using your face id/touch id" password in the secure enclave, but then they still go ahead and expire it. This is simply having the phone save the password and send it rather than having the device verify with the headend that it belongs to who it's supposed to. 

I don't think any of that prevents them from releasing an OS that doesn't require a 3rd party account or telemetry.    There is also nothing stopping apple/MS/android from having a basic OS and then an optional security package on top that includes all of that.  So long as it is optional and transparent. 

 

 

 

[Kisai]

8 hours ago, Jito463 said:

Not my laptop.  I literally unplugged the webcam.  It's physically unplugged and can never be accessed, unless I plug it back in.

You can actually order laptops without the camera, but it tends to be a BYO option. I think I've only seen like 4 laptops at the office without the camera, but nearly everyone sticks a post-it flag (basically a small sticky note) over the lens. Point of interest, don't put a bandaid over it, it will rip the lens out.

 

I actually really wish the office would just use the dang smartcard slots that nearly all the laptops have.

 

Anyway, I digress. I would like to see the Passwordless SSO stuff standardized, PC, Mac, Android, iOS, Linux, etc. Just remove mandatory cloud service involvement if the TPM is enabled since the TPM can just store that stuff itself. If you opt out of the cloud service, and your device is stolen, rest easy (if you turned bitlocker or equivalent on) , but you'll have to go back reset all your SSO tokens. We do see half of this working already with how SSH sessions can have keys instead of passwords.

[pizapower]

I'm still rocking with my old 1803 and everytime Microsoft tries to download updates I delete these folder/files and try to disable ''Windows Update'' in services menu. I can't risk that they fuck up my sound card drivers(the good old legacy PCI studio soundcard).

[mr moose]

10 minutes ago, pizapower said:

I'm still rocking with my old 1803 and everytime Microsoft tries to download updates I delete these folder/files and try to disable ''Windows Update'' in services menu. I can't risk that they fuck up my sound card drivers(the good old legacy PCI studio soundcard).

Sometimes I miss my sound blaster live.  Last of the decent soundcards in my opinion. 

 

[pizapower]

2 minutes ago, mr moose said:

Sometimes I miss my sound blaster live.  Last of the decent soundcards in my opinion. 

 

I bought a Prime X370-A motherboard because it's the best AMD AM4 motherboard that has legacy PCI slots.

[pizapower]

16 minutes ago, mr moose said:

Sometimes I miss my sound blaster live.  Last of the decent soundcards in my opinion. 

 

I run my sweet 2700 @ 4ghz and 2x16gb 3000mhz@ 14.14.14 @ 1.3v

[Jito463]

So, I know this thread is a month old now, but I have an update that's worth reviving it.  We already addressed that disconnecting from the internet would allow a person to continue on with a local account, and while that's a viable alternative, my co-worker discovered yet another way.

 

If you attempt to login with the credentials "fake@notreal.com", then type in any random password, it will complain that you've logged in too many times with the wrong password and immediately kick you over to the local login option.  No need to unplug cables or skip the WiFi setup.  This should work with any locked account, but that one is unlikely to ever actually be unlocked and is the simplest to remember.