|
FunOne posted:Oh, and I can't setup the fingerprint scanner without also setting a PIN? What the gently caress? Every device with a fingerprint scanner I've used has had this requirement, because no scanner is 100% reliable If your finger is damp it probably won't work
|
#
?
Aug 19, 2020 20:04
|
|
|
|
| # ? Apr 25, 2024 08:52 |
|
|
FunOne posted:At least if the disk is encrypted they have to do some work to guess a passphrase vs. Hey Microsoft please unlock this whole device. I mean, my Google account doesn't unlock my phone. It doesn't even control the encryption. a. bitlocker by default saves a recovery key to a MS account, but it is optional. the MS account credential is not the same as the bitlocker key. b. don't get a MS account if you're worried about it c. your threat model is dumb. encryption is not a defense against the courts because not following court orders is itself a crime. if you are committing crimes, don't get caught in the first place (or stop committing crimes). if you are innocent, concealing evidence is stupid.
|
|
#
?
Aug 19, 2020 20:07
|
|
|
corgski posted:Oh if you're using a fingerprint scanner you may as well enable microsoft account for everything if your concern is really "someone getting a court order to access the computer" since it'll be just as easy for them and it'll save you the indignity of them physically forcing you to scan your fingerprint. I guess I'm just an idiot for wanting some level of security more than "send all my passwords to Redmond" but below "hard drive buried outside." Maybe I'm not worried about the CIA breaking into my house but I'd kinda like it if Sgt. Pile couldn't root through it. My phone seems to have figured out this complex set of "ease of use" and "decent security" challenges, but I guess asking the same of a laptop is too much.
|
|
#
?
Aug 19, 2020 20:07
|
|
|
repiv posted:Every device with a fingerprint scanner I've used has had this requirement, because no scanner is 100% reliable So why couldn't I just type in my password?
|
|
#
?
Aug 19, 2020 20:08
|
|
|
Oh right, the PIN is separate to the password. Yeah there's no need for that 
|
|
#
?
Aug 19, 2020 20:09
|
|
|
FunOne posted:Oh, and I can't setup the fingerprint scanner without also setting a PIN? What the gently caress?
|
|
#
?
Aug 19, 2020 20:15
|
|
|
FunOne posted:So why couldn't I just type in my password?
|
|
#
?
Aug 19, 2020 22:50
|
|
|
Ghostlight posted:Because signing in with a password is disabled the moment you enable fingerprint sign-in for the obvious reason that otherwise the fingerprint offers no protection against people stealing your password. And now you have no protection against someone stealing your PIN, which is almost always a lot weaker than your password.
|
|
#
?
Aug 19, 2020 23:48
|
|
|
Dylan16807 posted:If you're worried about someone stealing your password, shouldn't you be using two-factor? How does one steal a PIN? Just curious. Should I keep my bank card locked in aluminum foil so no one gets my PIN?
|
|
#
?
Aug 19, 2020 23:52
|
|
|
Last Chance posted:How does one steal a PIN? Just curious. Should I keep my bank card locked in aluminum foil so no one gets my PIN?
|
|
#
?
Aug 19, 2020 23:57
|
|
|
Signing in with a password isn't disabled when you're using face recognition with Windows Hello, I can't imagine why it would be different with a fingerprint scanner. Edit:  First square icon is log in with fingerprint, second with password, third log in with pin. Flipperwaldt fucked around with this message at 00:09 on Aug 20, 2020 |
|
#
?
Aug 20, 2020 00:04
|
|
|
Oh yeah, you're right. I had just turned on Require Windows Hello because see previous reply.Dylan16807 posted:If you're worried about someone stealing your password, shouldn't you be using two-factor?
|
|
#
?
Aug 20, 2020 00:38
|
|
|
FunOne posted:I guess I'm just an idiot for wanting some level of security more than "send all my passwords to Redmond" but below "hard drive buried outside." Maybe I'm not worried about the CIA breaking into my house but I'd kinda like it if Sgt. Pile couldn't root through it. A cop can legally force you to unlock any device with your fingerprint during a search. It is in every way less secure than a password. If you want the convenience that's perfectly fine and ok, but even a microsoft account is more secure against your local keystone kop than fingerprint unlock because the state has to request access from a third party that could, theoretically, refuse to comply. https://news.bloomberglaw.com/privacy-and-data-security/forced-phone-fingerprint-unlock-is-constitutional-judge-says corgski fucked around with this message at 00:56 on Aug 20, 2020 |
|
#
?
Aug 20, 2020 00:50
|
|
|
I've seen enough movies to know that the bad guys are going to get your fingerprint to unlock things one way or another. Same with retinal scans.
|
|
#
?
Aug 20, 2020 00:54
|
|
|
Ghostlight posted:Fingerprint and PIN is two-factor.
|
|
#
?
Aug 20, 2020 00:58
|
|
|
Klyith posted:c. your threat model is dumb. Really the answer is this. If you want to defend against organized state actors you need to pay someone. If you want to keep Sgt. Porky and the boys down at the precinct from seeing your porn folder during a search at a traffic stop use a good password, bitlocker, and don't use biometrics or cloud authentication. If you want to defend against a random dipshit who wandered past your laptop anything that isn't a password of "password" will work.
|
|
#
?
Aug 20, 2020 01:01
|
|
|
corgski posted:A cop can legally force you to unlock any device with your fingerprint during a search. It is in every way less secure than a password. If you want the convenience that's perfectly fine and ok, but even a microsoft account is more secure against your local keystone kop than fingerprint unlock because the state has to request access from a third party that could, theoretically, refuse to comply. Your wording made me think "a cop can do this while searching you." Article seems to say you can be compelled to unlock a device as part of executing a search warrant. The same would apply to a password, wouldn't it? quote:Compelling Barrera to use his fingerprint to unlock a device is not self-incriminating testimony under the Fifth Amendment, Harjani said. The procedure of using biometrics to unlock a phone is “more akin to a key than a passcode combination,” and that the procedure is a physical act, he said. It is super possible that I'm not understanding either the article or the hypothetical, though.
|
|
#
?
Aug 20, 2020 01:17
|
|
|
It’s in your quote from the link, passwords are protected under the 5th amendment, biometrics are not. It’s a dumb loving distinction but one to keep in mind if your threat model includes pissed off cops. corgski fucked around with this message at 01:23 on Aug 20, 2020 |
|
#
?
Aug 20, 2020 01:19
|
|
|
doctorfrog posted:Your wording made me think "a cop can do this while searching you." Article seems to say you can be compelled to unlock a device as part of executing a search warrant. The same would apply to a password, wouldn't it? With a search warrant for your computer, the cops can tell you to type in your password (that's compel in a legal sense, not compel as in beat you 'til you give in). If you don't, you may face the consequences of not following a legal search. Currently those consequences are 18 months in jail for contempt of court, if the judge thinks the prosecutors have a good case against you and that the case would be a "forgone conclusion" if you typed in the passwords to decrypt your CP stash. 18 months is a lot lighter sentence than Jared from Subway is serving so that could be considered a good deal, but a better deal is not doing crimes. OTOH with biometrics, a cop can hold your finger against the reader and there ain't poo poo you can do about it. Agreed it's a dumb distinction, but the legal protection is against self-incrimination. In the fingerprint scenario you aren't doing anything yourself, and the law doesn't consider fingerprints to be an invasion of privacy. They fingerprint you just for being a suspect.
|
|
#
?
Aug 20, 2020 02:36
|
|
|
Ok I get the distinction better now, thanks. I don’t have any crimes to hide, and I want the Jareds locked up, but it does bug me that there’s just about nothing that can’t be pried into. But it’s amusing and somewhat reassuring that a .7z password can be more secure than a fingerprint scanner.
|
|
#
?
Aug 20, 2020 05:46
|
|
|
Ghostlight posted:Oh yeah, you're right. I had just turned on Require Windows Hello because see previous reply. How? When you fail the fingerprint test, you can just enter a pin. One factor.
|
|
#
?
Aug 20, 2020 09:09
|
|
|
Yeah, it's not two-factor unless it requires you to enter both every time.
|
|
#
?
Aug 20, 2020 09:21
|
|
|
If you don't trust Redmond to store passwords, you shouldn't be using Windows. Redmond compiles your operating system. They already have root.
|
|
#
?
Aug 20, 2020 12:24
|
|
|
In summary, a "Microsoft account" login to Windows puts you into the global MSFT AD system, allowing them to credential themselves into your machine as well as remotely revoke those credentials. It also backs up the local encryption credentials and syncs you desktop "experience". Downside, if your MSFT account is compromised, you can be locked out of your machine. If your MSFT account is compromised, your local machine also is. Upside, passwords sync across multiple devices. Find my device functionality. New device experience is much improved. MSFT service settings sync between devices. Downside, if you've setup your MSFT with 2 factor auth you now have to deal with that on a daily basis. It looks to me that adding the MSFT account vs. a local account only increases the chances that someone gets into the device for marginal benefits. Anything important is backed up to the cloud, so if I lose the device or the encryption is corrupted I'll just start from a reformat. I generally do not want settings to convey between devices. And I'd rather the online account have a high quality password I don't type in every day. In addition, enabling any other form of login other than password requires you to set a redundant PIN. Any other password or PIN can then be used to login to the device EVEN after a reboot. No idea why MSFT can't copy the biometric processes used by phones, where a real password is required to authenticate into the device on boot then biometrics can be used afterwards. I appreciate all the helpful technical advice.
|
|
#
?
Aug 20, 2020 16:40
|
|
|
Klyith posted:With a search warrant for your computer, the cops can tell you to type in your password (that's compel in a legal sense, not compel as in beat you 'til you give in). If you don't, you may face the consequences of not following a legal search. Currently those consequences are 18 months in jail for contempt of court, if the judge thinks the prosecutors have a good case against you and that the case would be a "forgone conclusion" if you typed in the passwords to decrypt your CP stash. Multiple states' supreme courts have ruled that compelling password disclosure violates the fifth amendment. To my knowledge it hasn't gone to SCOTUS but that still means you can't tell people that as blanket advice absent either a specific locality or a federal crime.
|
|
#
?
Aug 20, 2020 19:57
|
|
|
There are also many things that are currently crimes that probably will not always be crimes and telling someone just to "not do crimes" is highly privileged and ignorant of all historical context. Unless you're the kind of champ who would tell a suffragette that if she didn't want to be force-fed she shouldn't have done the crimezzz. Or a black child mauled by a police dog. Indigenous peoples everywhere currently being terrorized by governments. Stuff like that. These fights continue all over the world and strong encryption and security practices have now become necessary to keep activists safe. It's not an option in many cases for them to simply "not do crimes" because those direct actions are how they survive.
|
|
#
?
Aug 20, 2020 23:55
|
|
|
repiv posted:Every device with a fingerprint scanner I've used has had this requirement, because no scanner is 100% reliable Well thanks, now I know why fingerprint scanners rarely work for me. That's me, the guy with perpetually sweaty hands.
|
|
#
?
Aug 21, 2020 00:15
|
|
|
It also doesn't work well if your fingers are too dry, or too fatty, or if you happen to have a small cut on the tip of the finger that you use for your fingerprint scanner. I don't use it for my PC, but I have the fingerprint unlock activated on my smartphone, and boy can it be finicky. It's why it's a good reason to always register more than one finger and to have a fallback method.
|
|
#
?
Aug 21, 2020 00:22
|
|
|
It does depend on the type of scanner, the ultrasonic ones that e.g. Samsung uses are terrible compared to the capacitive or optical ones
|
|
#
?
Aug 21, 2020 00:26
|
|
|
For something completely different: the Windows 10 2004 update seems to be causing my computer to bluescreen. I never get bluescreens and didn't have anything else running at the time, but just this evening, I've gotten two and both with the same error message about unhandled exceptions in system threads. Does anyone know what might be causing that and how to fix it?
|
|
#
?
Aug 21, 2020 00:38
|
|
|
You should be able to roll back. Alternatively, if there's an error code, Google it and see if there's a hotfix. Also you can try updating graphics drivers, etc.
|
|
#
?
Aug 21, 2020 00:42
|
|
|
Sorry, I phrased that wrong: trying to apply the 2004 update is what is causing the bluescreen, not the installed update, because I can't actually get that far.
|
|
#
?
Aug 21, 2020 00:43
|
|
|
Cardiovorax posted:Sorry, I phrased that wrong: trying to apply the 2004 update is what is causing the bluescreen, not the installed update, because I can't actually get that far. Hey the 2004 update nuked my drive so at least it hasn’t done that to you! I had to completely wipe the drive and start over fresh.
|
|
#
?
Aug 21, 2020 01:38
|
|
|
My Win10 system drive on my HTPC is showing some very alarming SMART readings. This system took me forever to set up just right but thankfully my media is stored on separate drives. What would be the most painless way to clone this drive to a spare SSD and use that as a system drive? Will this give me issues with my Win10 activation?
|
|
#
?
Aug 21, 2020 05:45
|
|
|
Nowher posted:My Win10 system drive on my HTPC is showing some very alarming SMART readings. This system took me forever to set up just right but thankfully my media is stored on separate drives. Macrium Reflect worked great for me. And no.
|
|
#
?
Aug 21, 2020 05:47
|
|
|
tuyop posted:Macrium Reflect worked great for me. And no. Seconding this. Just make sure to uninstall it when you are done because it has a lot of annoying popups. Windows question for me. I have a 2 bay NAS that I was using for media storage and it has 8TB of storage that is mostly free. I have 4 windows 10 machines I'd like to start doing (weekly?) backups so if something like what happened before I can just do a restore from one of the backups. What is the easiest way to have Windows do this? Is there something built in like say Mac Time machine?
|
|
#
?
Aug 21, 2020 06:03
|
|
|
MarcusSA posted:Windows question for me. I have a 2 bay NAS that I was using for media storage and it has 8TB of storage that is mostly free. I have 4 windows 10 machines I'd like to start doing (weekly?) backups so if something like what happened before I can just do a restore from one of the backups. Windows does have a built-in backup function called file history. Settings -> Update & Security -> Backup. It's not a comprehensive backup -- you can't target windows directories or make a restore-able image -- but it keeps multiple incremental versions and is a good solution for basic backup of important files to a NAS. If you want complete system backup to make restoring the OS easy if your drive wipes, you'd need something better. (Though I'd say that's a case for a two tier solution -- use macrium or something to make a complete image every so often / before big OS updates, and file history or another backup program for continuous backup of important files.)
|
|
#
?
Aug 21, 2020 15:52
|
|
|
Klyith posted:Windows does have a built-in backup function called file history. Settings -> Update & Security -> Backup. It's not a comprehensive backup -- you can't target windows directories or make a restore-able image -- but it keeps multiple incremental versions and is a good solution for basic backup of important files to a NAS. Ok so I’d definitely need a third party solution then? I guess coming from Mac where I can do a restore from a time machine backup windows is a bit lacking in that area.
|
|
#
?
Aug 21, 2020 16:06
|
|
|
MarcusSA posted:Ok so I’d definitely need a third party solution then? Yeah this isn't something Windows has built in to the level that MacOS does. The good news is that there are a few really good free ones like Macrium or Backupper. I use Macrium and it takes an incremental image every Mon/Wed/Fri morning. It's not quite as seamless to restore as Time Machine but it's close. If you're looking for a total solution, I use Macrium and File History. Macrium's latest image gets synced to my NAS, encrypted, and then uploaded to an AWS Glacier bucket. File History is useful for the types of files that don't do well in cloud storage (I use it for in-progress Premiere projects and other huge files/folders).
|
|
#
?
Aug 21, 2020 17:30
|
|
|
|
| # ? Apr 25, 2024 08:52 |
|
|
MarcusSA posted:Ok so I’d definitely need a third party solution then? The Deployment Image Servicing and Management tool (DISM) is the first-party tool for capturing and applying disk images, if you want to avoid third-party tools. It's definitely not Time Machine, though. If I had to guess why Windows doesn't have a closer equivalent to Time Machine, I think the uncertainty about hardware is probably a big factor. Trying to apply a backup image to a new computer would have a pretty high chance of issues caused by hardware differences, and from a public perception standpoint, it's probably better to offer nothing than to offer a tool that often fails.
|
|
#
?
Aug 21, 2020 18:20
|
|
