
268 points | tech234a | 1 comments
soraminazuki ◴[] No.43513090[source]
It's such an absurd lie. If Microsoft's idea of security is to force its users to authenticate online for a local account, they should never be allowed in the software industry at all. They're needlessly and dramatically increasing the attack surface of one of the most security-critical pieces of software running on user devices.
charcircuit ◴[] No.43513571[source]
Microsoft's idea of security is moving people away from local accounts protected by passwords and to Microsoft accounts protected by Windows Hello.

The Windows Hello PIN is protected by the TPM. This means you can't brute-force it like you could a password.

soraminazuki ◴[] No.43513581[source]
That has nothing whatsoever to do with the topic, which is forcing online authentication. You can't possibly argue that needlessly forcing online authentication makes users safe.
charcircuit ◴[] No.43513608{3}[source]
The topic isn't about forcing online authentication. It's about improving security from having users use a Microsoft account. The security improvement of using a Microsoft account comes from Windows Hello.
1. soraminazuki ◴[] No.43513680{4}[source]
It is. You can check by reading the title.

Yours is a reiteration of Microsoft's preferred talking point that has no basis in reality. Tying local authentication to the cloud tremendously increases the attack surface for those who don't need it. TPMs do nothing to change this fact. The only connection between a TPM and a Microsoft account is that Microsoft chose to tie those two together for their own benefit.