-
ve2mrx
AskWoody Plus
Ultimately, every website must stop relying on username/password combinations, which are inherently weak, and move to multifactor authentication (MFA) using secure tokens.
Right, if the goal is to protect the account from other people. But in this scenario, the person abusing the account has the MFA credentials. I imagine that it isn’t that hard to distribute the codes to multiple machines when you have access to the token as would happen in a post farm…
The only solution would be to limit to 3 logins at once (computer, tablet, phone) when MFA is active. And don’t make it too annoying or people will reduce their use! (But not bots!)
My 0.02$
Martin
-
ve2mrx
AskWoody Plus
Exactly. And this app password cannot be used to take over the account, can be disabled by the account owner easily and is used only in the app it was installed in.
Think of it as a rights-limited delegated account access that is limited to fetching and sending emails. If your workflow can’t tolerate this level of security, don’t use app passwords and find something that is recent enough to use OAuth2! It’s been out for a while now!
The goal is to eliminate the use of full-access account credentials to log into email that can be stolen and used in account take-over. The app password generated prevents this and isn’t peppered all over the place (used by one known app), limiting who has access to it (hopefully used over TLS!).
Sure, it is less secure, but it isn’t as much at risk as your account management password…
Martin
-
ve2mrx
AskWoody Plus
Reading this, I can only picture a lonely server in a closet with a bunch of obsolete kit all over, lost somewhere in the basement of some building… Hopefully, it wasn’t walled-in! 😉
Martin
-
ve2mrx
AskWoody Plus
What annoys me the most is when you have an app that forces you to log in using your Microsoft account just so you have the extreme privilege of unticking the Start on boot checkbox!
Skype, I’m looking at you!
So I simply remove the autostart with the very useful tool Autoruns from Microsoft. Way more powerful than the in-box tools!
Martin
-
ve2mrx
AskWoody Plus
I’m surprised nobody mentioned Yubikey yet…
I have two and I love their integration with websites. It allows you to enter the 2FA with a single touch of the key. Above all, they can securely store OTP keys, and with the companion app (mobile/computers) you can generate 2FA codes. Since you keep the key with you, it is never stored on the phone or computer!
Martin
-
ve2mrx
AskWoody Plus
This is why they also push for “PINs”, as those are unique to the machine they are set on. Think of PINs as local machine passwords.
Martin
-
This reply was modified 10 months, 2 weeks ago by
ve2mrx. Reason: Clarified PINs
-
ve2mrx
AskWoody Plus
Using a non-changeable “password”? Bad idea. Especially DNA, it’s spread everywhere! Every hair or dead skin cell you lose can compromise your access!
Martin
1 user thanked author for this post.
-
ve2mrx
AskWoody Plus
It took me some digging and reading before trusting HIBP with my passwords too! But I do now!
Martin
-
ve2mrx
AskWoody Plus
First, I am against password-less logon like Microsoft is pushing. That would be removing one factor.
Second, I cheat at OTP activation by recording the otp:// url in my password manager. This way, I can activate more than one token for backup. As long as I don’t reuse passwords, keep my password manager safe and don’t lose my 2FA sources, someone at the other end of the world can’t log in.
Of course, I don’t use SMS 2FA for anything I care about… Oh, I use none of those online password managers! Only local ones (sync’d by encrypted file).
Martin
-
ve2mrx
AskWoody Plus
I just wanted to add that there is a version called Lenovo Commercial Vantage for Lenovo business computers without the “fluff”. It is also manageable from Group Policy. Use it if your machine is supported!
Martin
1 user thanked author for this post.
-
ve2mrx
AskWoody Plus
Hi!
Lenovo Vantage is purposely delayed while the update team monitors the early deployment of updates. Updates are first published on the support website, then to Vantage database about two weeks later if everything looks fine. The idea is to only install good updates automatically.
Martin
2 users thanked author for this post.
-
ve2mrx
AskWoody Plus
Just a reminder: our increasing use of wireless “phones” causes a huge pressure in reallocating radio spectrum for mobile wireless device use. Every new bit open to reallocation is fought over in auction, and the scarcity causes reallocated bands to be used next to essential radio bands or services essential today like airplane radio-altimeters.
The only sustainable solution to our growing number of mobile devices is to re-use the spectrum already allocated in faster and more efficient ways, meaning using less spectrum for the same data volume. This means de-commissioning less efficient systems and replacing them with better ones. So, rely on 4th generation GSM (4G) instead of the 3rd generation.
With the 5th generation, millimetre wave links will help manage high density use (short-range very fast) by making coverage very local. This will allow re-use of frequencies in more zones within an area, reducing spectrum pressure, with generally faster links (all at the expense of higher energy use, unfortunately).
Today, the best of both worlds is having a device using 4G until the performance of 5G is desired, and switching on-the-fly.
Martin, hamradio operator since 1992
Wireless isn’t magic, and far from simple! I prefer wired links whenever practical!
-
ve2mrx
AskWoody Plus
Of course, ALL 3G devices are affected in those ideas. IoT, alarms, cars, hobby projects, and phones…
If it’s oldish and uses wireless phone technology, it’s worth checking if it uses 3G or newer!
Martin
-
ve2mrx
AskWoody Plus
This is not permanent, it is so people don’t get caught without emergency services while the 3G phones are phased out. At some point, the 3G signal will stop and 911 will no longer work.
By then, you should have noticed you can’t make or receive normal calls and likely will have contacted the phone company. They will tell you to switch phones.
Martin
1 user thanked author for this post.
-
ve2mrx
AskWoody Plus
Your network would use 4G/LTE once 3G is retired. Your phone appears to be able to use LTE, so I guess it would still work. Check your manual for details.
Martin