Posts: 2 | Comments: 1,207 | Joined: 2 yr. ago

  • Or tell your IT department to think ahead and skip the part where we use personal devices to ensure the security of company devices and data. That will eventually change, and we're going to look back on it the same way we look back on letting users receive work emails on any device with nothing but a password.

    If you want security, use company devices. It's really simple.

  • This is what it's heading to eventually. This "authentication using a personal device that the IT department can't control" crap will eventually evolve into "they must control the device". Which means they just need to quit being cheap and buy devices they can manage for this purpose.

  • For now.

    The point is, the patterns in software security are pretty clear. People will keep finding ways around the authenticator, eventually someone will get their account compromised, and at some point it will get more restrictive.

    It doesn't matter how it works now, because once it's normalized that this Microsoft app must be on your phone so you can work, and it must operate exactly as it wishes to, Microsoft will be able to start pushing more restrictions.

    At a certain point, the device simply has to be verified as secure in and of itself before it can keep another device secure. Meaning your phone will be brought under your workplace's security policies.

  • Unless you are going to take the time to reverse engineer the app and show why the company shouldn't pick it, you're just being a whiny pain in the arse.

    You're god damn right they are, and they have every right to be. I'm in IT too and I'm absolutely sick of the condescending attitude and downright laziness of people in the field who constantly act like what the users want doesn't matter. If they don't want it on their personal device, they don't need a damn reason.

    This job is getting easier all the time, complaining because users don't want Microsoft trash on their phone might make marginally more work for you is exactly as whiny.

    Or, throw a fit and have the joys of dealing with two phones. Trust me, after a year or so of that, the MS Authenticator app on your personal phone will feel like a hell of a lot better idea.

    I see this all the time and it's downright hysterical. Who the hell can't handle having to have two devices on them?

    "Oh yeah you'll regret asking for this! Just wait till you have to pull out that other thing in your bag occasionally! You'll be sorry you ever spoke up!"

    Also, develop some pattern recognition. If you can't see how Microsoft makes this substantially worse once other methods have been choked out, you haven't learned a thing about them in the last 30 years.

  • Ever notice that TOTP can be backed up and restored to a new device? If it can be transferred, then the device no longer counts for the "something you have" second factor in my threat model.

    The administrator can restrict this.

  • When I got the few emails from users at my organization who refused to use the app on their phones, I was ecstatic and I went to bat for them with our section director who insisted on making it mandatory, no exceptions.

    Unfortunately most people in IT seem to just be lazy and believe "if it makes my job easier, absolutely no other concerns are relevant".

  • Except that the Authenticator is being forced in place of other, third party apps.

    I don't mind using my phone to authenticate. But now I'm not allowed to do it from Bitwarden. I must use their app.

  • Honestly, I don't care. At this point, looking at the smoking hellscape the internet has become, looking at what happened to Wikia, I don't care if they're getting funded or not, I'm donating. Wikipedia and the Internet Archive are some of the last bastions of the internet the way it was meant to be. We simply can't lose them the way we've lost so many others.

    It's really to curb my own anxiety more than anything else. It's the only thing I can do to reinforce the bulwark, and I'm gonna do it, because I can rest a little bit easier knowing that bulwark is a little bit stronger.

  • They were leaked specifically to "SEO experts" who shared portions of it. I don't know if it was leaked publicly.

    Basically, what happened is the leaker is an SEO guy, that runs an SEO company, and leaked the documents to another SEO guy.

  • I get this is the go-to response now, for good reason, but there isn't really anything too shady going on with this particular case, at least not from Google. This is more about them trying to keep SEOs from figuring out how they rank things so they can't pollute the search results even more.

    Every comment is shitting on Google but here is what the SEO expert said about the leak when it was presented to them:

    This person’s sole aim appeared quite aligned with my own: to hold Google accountable for public statements that conflict with private conversations and leaked documentation, and to bring greater transparency to the field of search marketing. And they believed that, despite my years removed from SEO, I was the best person to share this publicly.

    https://sparktoro.com/blog/an-anonymous-source-shared-thousands-of-leaked-google-search-api-documents-with-me-everyone-in-seo-should-see-them/

    Just read through that blog. Look at the absolute indignity these SEO assholes have at the idea that the search engine wouldn't tell them exactly how to fuck it up with their garbage.

    This is entirely about advertising. Hell, the leaker revealed their identity, and it's the guy that runs this company:

    https://eaeagledigital.com/

    Companies like this and the assholes behind them are a cancer on the internet and they have been for a very long time. You cannot point the finger at Google and not also point the finger at them, they are the other half of the shit equation.

  • Rand Fishkin, who worked in SEO for more than a decade, says a source shared 2,500 pages of documents with him with the hopes that reporting on the leak would counter the “lies” that Google employees had shared about how the search algorithm works.

    Am I supposed to care that the poor SEO assholes that need to get their ads more visibility weren't being given all the instructions on how to do that by the search engine?

    Most of this article is SEO "experts" complaining that some of the guidelines they were given didn't match what's in the internal documents.

    Google is shit, but SEO is a cancer too. I can't be too bothered by Google jacking them around a bit.

  • That's not nearly shitty enough. It's too useful. Look at all the options and other clickable things you got on the start menu, and it only took one click to open it.

    That's not how this works anymore. If this were truly made today, it would be needlessly "streamlined", i.e. everything is hidden so as not to "clutter up" the UI with useful things, and make more room for...nothing. Just wasted space.

    We hide everything behind multiple clicks now because the "average user" starts bleeding out their eyes if they're forced to see many things at once.

  • It's also useful because it gives a corporate controlled filter for all information, that most people will never truly appreciate is being used as a mouthpiece.

    The end goal of this is fairly obvious: imagine Google where instead of the sponsored result and all subsequent results, it's just the sponsored result.

  • I have many friends that complain about these things, that noticed the exact same pattern as you.

    And yet, every last single time I've asked them "Have you looked into using a different service? Maybe try one?" they mumble out a noncommittal response and never do.

  • The value is likely that they're selling it. Because they're a non-profit, and they have to make money somehow. Or they're using it to develop some kind of AI search function.

    But the important, critical fact here is that Mozilla has routinely demonstrated that they can be trusted when they tell you "You can turn this off, and if you turn this off, it is actually off, and it will stay off."

    You will never see that from Google or Microsoft or any of the others.

    Look at the part where they mentioned that if you already disabled telemetry, this new telemetry is also disabled. Think about how rare that is nowadays with any consumer software from most big for-profit tech companies. New bullshit is always on by default, even if you disabled it previously. The fact Mozilla respected that puts them miles ahead of any of their competitors.

    As for the "path they're going on", I don't know what to tell you, man. Every company is on this same path right now. The economics of the internet and the tech industry have gone to absolute shit, where privacy, user choice, competitive markets, and non-profits are all dying a slow painful death to enrich Wall Street. Mozilla will probably get caught in it too, but the best we can hope for is they hold out the longest.