Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/fifonetworks/statuses/113873689130437764">Bob Young :verified: (fifonetworks@infosec.exchange)'s status on Thursday, 23-Jan-2025 06:36:49 JST</a><a href="https://infosec.exchange/@fifonetworks" title="fifonetworks@infosec.exchange"><img src="https://gnusocial.jp/avatar/180358-48-20240517121026.webp" width="48" height="48" alt="Bob Young :verified:" style="position: absolute; left: 0; top: 0;">Bob Young :verified:</a></section><article><p>Microsoft is getting ready to do away with MFA for its web-based products. No, this is not clickbait.</p><p>Beginning in February, if you log in to a web-based service, Microsoft will keep you logged in by default. Go ahead and close the browser window, it doesn’t matter. You’re still logged in, unless you deliberately log out. Think about hotel computers, library computers. Think about women in an abusive relationship.</p><p>It’s no longer MFA if Microsoft reduces authentication to device authentication. They won’t be requiring proof of identity of the person in front of the screen.</p><p>If you sign in to a Microsoft web-based app on a computer that is ACCESSED BY OTHER PEOPLE, you are at risk. </p><p>ACTION STEP<br>Even though Microsoft is placing the notification at the top of the screen right now, there are people you know who won’t understand what it means. There are people who won’t even notice the message. Make sure your friends and family know how to explicitly sign out after every session on a shared computer.</p><p>One last note: Microsoft says that instead of logging out you can use private browsing (for example, Google’s incognito mode). I don’t recommend this option, because sometimes software doesn’t behave quite like the coder thinks it will. For the most reliable security, log out.</p><p><a href="https://infosec.exchange/tags/CallMeIfYouNeedMe" rel="tag">#CallMeIfYouNeedMe</a> <a href="https://infosec.exchange/tags/FIFONetworks" rel="tag">#FIFONetworks</a></p><p><a href="https://infosec.exchange/tags/cybersecurity" rel="tag">#cybersecurity</a> <a href="https://infosec.exchange/tags/privacy" rel="tag">#privacy</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4427746#notice-8663012">In conversation</a><time datetime="2025-01-23T06:36:49+09:00" title="Thursday, 23-Jan-2025 06:36:49 JST">about 8 days ago</time> <span>from <span><a href="https://infosec.exchange/@fifonetworks/113873689130437764" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@fifonetworks/113873689130437764">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="http://relationship.It/">relationship.it</a></h5><div></div></header><div>This domain may be for sale!</div><footer></footer></article></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/3989329">Screenshot from Outlook web version showing the notice of the change. The author has circled the notice with a red line.</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/873/680/991/369/441/original/e7bb36c0efbed98f.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/873/680/991/369/441/original/e7bb36c0efbed98f.png</a></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/3989330">Screenshot of the Microsoft article linked from the notice in Outlook. The author has added a red circle and red lines to draw the reader's attention to items discussed in the post.</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/873/681/034/915/309/original/fbd71c62363941be.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/873/681/034/915/309/original/fbd71c62363941be.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Bob Young :verified: (fifonetworks@infosec.exchange)'s status on Thursday, 23-Jan-2025 06:36:49 JST Bob Young :verified:
Microsoft is getting ready to do away with MFA for its web-based products. No, this is not clickbait.
Beginning in February, if you log in to a web-based service, Microsoft will keep you logged in by default. Go ahead and close the browser window, it doesn’t matter. You’re still logged in, unless you deliberately log out. Think about hotel computers, library computers. Think about women in an abusive relationship.
It’s no longer MFA if Microsoft reduces authentication to device authentication. They won’t be requiring proof of identity of the person in front of the screen.
If you sign in to a Microsoft web-based app on a computer that is ACCESSED BY OTHER PEOPLE, you are at risk.
ACTION STEP
Even though Microsoft is placing the notification at the top of the screen right now, there are people you know who won’t understand what it means. There are people who won’t even notice the message. Make sure your friends and family know how to explicitly sign out after every session on a shared computer.
One last note: Microsoft says that instead of logging out you can use private browsing (for example, Google’s incognito mode). I don’t recommend this option, because sometimes software doesn’t behave quite like the coder thinks it will. For the most reliable security, log out.
#CallMeIfYouNeedMe #FIFONetworks
#cybersecurity #privacy
In conversationabout 8 days ago from infosec.exchangepermalink
Attachments

Public

Embed Notice

HTML Code

Corresponding Notice