Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Microsoft launches cross-platform Password Manager!

Kuvahaun tulos: microsoft authenticator

 

Summary

Not only does Bill Gates want to microchip you with vaccine, now old Bill wants all your passwords too!

Microsoft has launched their password managing solution as part of the Microsoft Authenticator which they have quite smartly opted to name simply as "Autofill".

 

You can now manage and automatically fill your passwords with this across PCs, browsers (edge, chrome) ,mobile devices.

 

 

Quotes

Quote

While this release enables autofill for passwords, we’re also actively working on securely bringing all your autofill information from Microsoft Edge to your mobile devices via the Authenticator app, including payment info, addresses and more. However, that’s just the first step. Our users interact with multiple apps and sites daily and need a secure way to autofill and save various types of data, from passwords to even free-form text. Online security will continue to be critical as individuals and organizations embrace remote work, and our mission with this offering is to help our customers securely and conveniently manage their sensitive data even as new security challenges emerge. We look forward to your feedback!

(PS. Resistance is futile, join the windows botnet. ) 

 

My thoughts

Curious to see if this will start to become heavily adopted  as "industry standard" over current options for password management as quite many organizations commonly use Microsoft authenticator to begin with for 2-factor authentication.

 

Sources

https://blogs.windows.com/windowsexperience/2021/02/05/simplify-and-secure-your-life-with-microsofts-autofill-solution-for-passwords/

Link to post
Share on other sites

Bitwarden. Small, powerful and not from a mega corp. Also Bitwarden was audited by 3rd party not long ago. And even allows you to run your own host.

Edited by RejZoR
Typos

AMD Ryzen 7 5800X | ASUS Strix X570-E | G.Skill 32GB 3733MHz CL16 | PALIT RTX 3080 10GB GamingPro | Samsung 850 Pro 2TB | Seagate Barracuda 8TB | Sound Blaster AE-9 MUSES Edition | Altec Lansing MX5021 Nichicon/MUSES Edition

Link to post
Share on other sites

There's also sysPass as another free and open source alternative.

 

39 minutes ago, Furiku said:

…as quite many organizations commonly use Microsoft authenticator to begin with for 2-factor authentication

~edit: If you don't trust Microsoft Authenticator you could use Google Authenticator. It generates time-based one-time passwords based on the same technology. So it doesn't have quite the same trust issues as password manager hosted by someone else might.

Remember to quote or @mention others, so they are notified of your reply

Link to post
Share on other sites
21 minutes ago, Eigenvektor said:

If you don't trust Microsoft Authenticator you could use Google Authenticator. It generates time-based one-time passwords based on the same technology. So it doesn't have quite the same trust issues as password manager hosted by someone else might.

That's also how Microsoft Authenticator works, that's how 2FA works most commonly with App based second factors.

Link to post
Share on other sites
3 minutes ago, leadeater said:

That's also how Microsoft Authenticator works, that's how 2FA works most commonly with App based second factors.

I know. That's what I meant by "based on the same technology" (RFC6238 and RFC4226), meaning they are interchangeable.

 

Interestingly enough both apps now have the Internet permission on Android. I seem to remember that at least Google Authenticator didn't use to require this permission.

Remember to quote or @mention others, so they are notified of your reply

Link to post
Share on other sites
1 minute ago, Eigenvektor said:

I know. That's what I meant by "based on the same technology" (RFC6238 and RFC4226), meaning they are interchangeable.

 

Interestingly enough both apps now have the Internet permission on Android. I seem to remember that at least Google Authenticator didn't use to require this permission.

Right, was just a little confusing with that last sentence as one time passwords aren't a replacement for first factor passwords so it's not like it hugely matters which you use for a 2FA purpose. However that does change if your 2FA App is also your first factor password manager, either it's just me or that seems a bit stupid and self defeating.

 

Say someone gets your phone and is able to unlock it or got it while unlocked, how convenient to have literally everything in a single place lol.

Link to post
Share on other sites
9 minutes ago, leadeater said:

Say someone gets your phone and is able to unlock it or got it while unlocked, how convenient to have literally everything in a single place lol.

Right. Having both on the same device kind of defeats the purpose of second factor 😄 Keeping your phone secured is definitely important in this case.

 

~edit: I get how my last sentence is somewhat confusing. What I meant is that using a 2FA app from a big corporation does not have the same trust issues as using their password manager. If they host your passwords, not only could they theoretically get access to your passwords, they are also a tempting target for hackers.

Remember to quote or @mention others, so they are notified of your reply

Link to post
Share on other sites

Well, interesting though. A bit surprised they haven't done so already. There's a decent amount of these apps to choose.

Ryzen 7 3800X | X570 Aorus Elite | G.Skill 16GB 3200MHz C16 | Radeon RX 5700 XT | Samsung 850 PRO 256GB | Mouse: Zowie S1 | OS: Windows 10

Link to post
Share on other sites
3 minutes ago, gabrielcarvfer said:

Internet permission? Technically, they do need network access to synchronize natural clock skewing. If they transmit more than that is a different story, but they already have they key anyways, so it wouldn't be necessary even if they wanted to invade all your stuff.

I'm assuming the (Android) device has a synchronized clock already, the app doesn't have to take care of that.

 

What do you mean by the have my keys already? The Authenticator can be used with a ton of service (like Amazon, AWS, PayPal, …). The service has the key, but Google does not (or shouldn't). I assume the apps have network access for e.g. backups.

Remember to quote or @mention others, so they are notified of your reply

Link to post
Share on other sites
9 minutes ago, gabrielcarvfer said:

If they have backups, it's useless since I've had to register everything again more than once.

I was thinking more along the line of giving you an option of creating a backup by connecting the app to some online service.

 

~edit: Looking at the app I can only see an option to export/import via QR code

Remember to quote or @mention others, so they are notified of your reply

Link to post
Share on other sites

is this available for business/enterprise customers? Or just personal for now?

I ask this because this might be useful at work. would save some money over a third party passwd manager for everyone

"There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown

"A redline a day keeps depression at bay" - Author Unknown

Spoiler

Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 and 2 x Seagate ST2000DM006 (in RAID 0 for games!) - The good old Corsair GS700 - Yamakasi Catleap 2703 27" 1440p and ASUS VS239H-P 1080p 23" - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1

 

Avid Miata autocrosser :D

Link to post
Share on other sites

Why would anyone complain about this and not Keychain, or LastPass, etc? Why does it matter that it's Microsoft?

Link to post
Share on other sites
5 hours ago, Furiku said:

Kuvahaun tulos: microsoft authenticator

 

Summary

Not only does Bill Gates want to microchip you with vaccine, now old Bill wants all your passwords too!

Microsoft has launched their password managing solution as part of the Microsoft Authenticator which they have quite smartly opted to name simply as "Autofill".

 

You can now manage and automatically fill your passwords with this across PCs, browsers (edge, chrome) ,mobile devices.

 

 

Quotes

 

My thoughts

Curious to see if this will start to become heavily adopted  as "industry standard" over current options for password management as quite many organizations commonly use Microsoft authenticator to begin with for 2-factor authentication.

 

Sources

https://blogs.windows.com/windowsexperience/2021/02/05/simplify-and-secure-your-life-with-microsofts-autofill-solution-for-passwords/

WOW! Say it isn't so! Bill Gates has come out of RETIREMENT!!!!!!!! /s

 

Now, he can say that no one needs more that 32 gigs of ram! /s

 

Bill Gates is RETIRED! That is a fact...

https://www.cnbc.com/2020/03/13/bill-gates-leaves-microsoft-board.html

 

 

MOTF is always Up or Down, just like the Elevator Business

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×