Windows 11

[Davydd]

I haven't got facial recognition on my new MacBook Pro laptop like iPhones but they have put in a fingerprint recognition key on the keyboard which I didn't have before. A lot of websites mostly financial or first time sign on are going to two step recognition to sign on such as texting or emailing a 6 number code you then have to input. Log on here is just fingerprint recognition. You can have long passwords automatically generated and encrypted which I could not possibly remember nor store but my finger evidently knows.

[booster]

Quote:

Originally Posted by Davydd

I haven't got facial recognition on my new MacBook Pro laptop like iPhones but they have put in a fingerprint recognition key on the keyboard which I didn't have before. A lot of websites mostly financial or first time sign on are going to two step recognition to sign on such as texting or emailing a 6 number code you then have to input. Log on here is just fingerprint recognition. You can have long passwords automatically generated and encrypted which I could not possibly remember nor store but my finger evidently knows.

Does it have the be the reader on that computer or could you log in on someone else's if your reader died?

[Davydd]

I can't answer that question offhand because I haven't signed on to any computer but my own. But when I first log on to anywhere and set up a password it then works on all my devices computer, iPad with different fingerprint recognition or iPhone with facial recognition I have set up. Most of my important websites I do know the passwords and if not I can get to them with facial recognition or fingerprint recognition and then I would assume if using another person's computer I would have to input them. When buying a new device the initial setup sets them up on the new computer or devise. I'm totally in the Apple sphere and Apple's iCloud servers for recovery. No Windows or Android. I do have personal passwords based on a word not in any dictionary that I have totally made up with further variations. It is not rumplestiltskin.

[@Michael]

Quote:

Originally Posted by booster

Does it have the be the reader on that computer or could you log in on someone else's if your reader died?

AFAIK, the two-factor schema implemented by technology companies, banks (etc) typically have more than one means of authenticating. For Microsoft products, that can include a push notification to your phone, a dial-back to a voice phone, etc.

Because key-loggers are still a major threat, the less often I type passwords into a web sites, phones or computers, the less likely I am to have an account compromised. On my phones and laptops I use face or fingerprint where possible.

The general trend is towards eliminating the use of passwords, relying instead on other means of authenticating.

[@Michael]

Quote:

Originally Posted by felixw

What's Win11 like with regard to logging in? Why does anyone want to waste time logging in to a home PC everytime they want to use it?

With my near-new laptop, Windows 11 facial recognition is near-instant. With my 5 year old laptop, it's a 3-4 second delay. Fallback can be a PIN number or push notification to a phone. If set up that way, one never has to type a password on a keyboard, eliminating the risk of keylogging by a bad actor. The faceprint and PIN are stored locally, not in the cloud, so cannot be hijacked and used by a bad actor to access data in the cloud.

Quote:

Originally Posted by avanti

This is also why, despite the inconvenience, it is essential to never run your system with unencrypted storage. It is really hard to overstate how important this is in today's world.

Good advice.

Quote:

Originally Posted by avanti

I have no idea how good a job MS is doing these days, since I don't do anything sensitive on a PC. However, in the Apple ecosystem, all of this is extremely well though-out and implemented. That is why the FBI needs to go to Israeli intelligence to unlock an iPhone if its owner won't cooperate.

AFAIK, on PC's and laptops, Microsoft has very good implementations - at least as good as Apple. The major component that's missing is a functional equivalent of the Apple keychain. They have the Authenticator app, which has password management, but it's not integrated into Windows 11.

[avanti]

A little "delighter" that has shown up in recent versions of Safari is a feature whereby the browser detects a 2-factor authorization dialog and automatically pastes the code into the "input your code here" field as soon as it is delivered via SMS. Made me smile.

[JohnnyFry]

I have used 1 Password for years and am presently testing out Bitwarden. I love 1 Password and am using the original purchased version. They keep bugging me to "upgrade" to the subscription model, which is why I am testing Bitwarden, which is free. I access 1 PW with a single long and complex PW which is easy to remember because it is the only one I have to memorize. My encrypted PW vault is stored in the cloud in Dropbox so I can access it anywhere on any machine. I also take advantage of 2 factor ID. I am exclusively MAC: I left Uncle Bill's Windows a long time ago and have watched the steady parade of Zero day exploits and patches from Vista, Win 8, Win 10 and now Win 11...142 critical security patches last Patch Tuesday, that has to be a record. OH, and MAC OS can talk to you in UNIX.

[avanti]

Quote:

Originally Posted by JohnnyFry

I have used 1 Password for years and am presently testing out Bitwarden. I love 1 Password and am using the original purchased version. They keep bugging me to "upgrade" to the subscription model, which is why I am testing Bitwarden, which is free. I access 1 PW with a single long and complex PW which is easy to remember because it is the only one I have to memorize. My encrypted PW vault is stored in the cloud in Dropbox so I can access it anywhere on any machine. I also take advantage of 2 factor ID. I am exclusively MAC: I left Uncle Bill's Windows a long time ago and have watched the steady parade of Zero day exploits and patches from Vista, Win 8, Win 10 and now Win 11...142 critical security patches last Patch Tuesday, that has to be a record. OH, and MAC OS can talk to you in UNIX.

Why do you choose third-party pwd management rather than the native Apple stuff? Not being critical--just curious.

[JohnnyFry]

I have been using 1 PW since long before Apple initiated Keychain. I do also use Keychain, but I have a boatload of legacy stuff in 1PW. It also holds stuff like my Passport, Drivers license and notes of things like combination lock combinations.

[firemanbenz]

Is win11 still free to upgrade from win10 or do you need to pay for it now?

[Winston]

Quote:

Originally Posted by firemanbenz

Is win11 still free to upgrade from win10 or do you need to pay for it now?

We're continuing to receive Microsoft solicitations to upgrade so we suspect the upgrade remains free.

On the bigger issue, we're glad we found this thread before making the decision to upgrade as our storage is a file-server (NAS) that many computers access. Can anyone comment on how this new 'encryption' is handled on external storage devices and, if such external servers are encrypted, how do the multiple other computers gain access to this common encrypted data?

[booster]

Quote:

Originally Posted by Winston

We're continuing to receive Microsoft solicitations to upgrade so we suspect the upgrade remains free.

On the bigger issue, we're glad we found this thread before making the decision to upgrade as our storage is a file-server (NAS) that many computers access. Can anyone comment on how this new 'encryption' is handled on external storage devices and, if such external servers are encrypted, how do the multiple other computers gain access to this common encrypted data?

That is very interesting question. Most don't have that kind of system, but data protection in general is very important to me.


Microsoft appears to be expanding from the OneDrive routine that has been around for a while which was always intruding and generating uploads of data when it was on my computer. It would lock the files on the computer so you had to connect to Microsoft to see or use them and when you did that is copied and locked even more files. It would also turn itself on at every update and upload anything that it didn't already have. I still have several folders/files on my computer that are locked and unopenable from then.


The encryption with Microsoft holding the key is very similar, I think, as they will be controlling all the access to all of your data if you let them do it. The way they turn stuff on during updates is a scary thing about it will happen with the encryption also.


I can't imagine how that could wreak havoc on a server where more than your computer are storing things.


Encryption isn't necessarily bad, but I want the stuff stored on my computer or backup drive and I want to hold the key.

[avanti]

Quote:

Originally Posted by booster

Encryption isn't necessarily bad, but I want the stuff stored on my computer or backup drive and I want to hold the key.

Encryption isn't just "not bad," it (IMO) is getting very close to being absolutely essential. Essential services (banking, government credentials, etc) are rapidly moving 100% on-line. Although lots of people try to opt-out of this (and I don't really blame them), this is becoming increasingly untenable. And living an on-line life without end-to-end encryption is insane. If your stuff is not "at rest" encrypted on your mass storage devices, a physical breach of your equipment could be catastrophic. (This is particularly relevant to RVers, since we inevitably carry much of our digital stuff around with us in less-than-secure vehicles).

That said, I couldn't agree more about the importance of keeping exclusive personal control of your keys--for so many reasons I won't even get started. I know that people either love Apple or they hate it, but if this issue is important to you (and it should be), you should take a careful look at how they comport themselves when it comes to end-to-end encryption and key management. Whatever you think of their other design decisions and business practices, their commitment to delivering both security and privacy has no peer in the industry. Those cases in which the FBI has to go to Israeli government hackers to crack an iPhone are telling.

[@Michael]

Quote:

Originally Posted by Winston

On the bigger issue, we're glad we found this thread before making the decision to upgrade as our storage is a file-server (NAS) that many computers access. Can anyone comment on how this new 'encryption' is handled on external storage devices and, if such external servers are encrypted, how do the multiple other computers gain access to this common encrypted data?

Modern operating systems (IoS, Android, Windows 10+) default to encrypted local file systems. I.E. - It's possible that your local file system is already encrypted (Control Panel/Manage Bitlocker). Once a file is transferred to a networked file server (or NAS) it's automatically unencrypted. Whether or not the file server or NAS re-encrypts when storing the file is dependent on the configuration of that device. If configured to encrypt storage, the files will be automatically encrypted when stored, and unencrypted when they are accessed via the network.

[avanti]

Quote:

Originally Posted by @Michael

Modern operating systems (IoS, Android, Windows 10+) default to encrypted local file systems. I.E. - It's possible that your local file system is already encrypted (Control Panel/Manage Bitlocker). Once a file is transferred to a networked file server (or NAS) it's automatically unencrypted. Whether or not the file server or NAS re-encrypts when storing the file is dependent on the configuration of that device. If configured to encrypt storage, the files will be automatically encrypted when stored, and unencrypted when they are accessed via the network.

This correctly describes "traditional" network file servers, and the majority of consumer-level computing probably still works this way. However, it is NOT state of the art. Modern techniques employ "end-to-end" encryption, in which the data are NEVER decrypted, either when at rest or in motion. Unfortunately, to avail yourself of this level of protection often means buying into a single-vendor ecosystem. I haven't been tracking efforts as open-standards for cross-vendor end-to-end encryption, but I am sure it will emerge eventually.

FWIW, here is Apple's current take on all of this:
https://support.apple.com/en-us/HT202303

[Winston]

Quote:

Originally Posted by booster

Microsoft appears to be expanding from the OneDrive . . .

Quote:

Originally Posted by avanti

Encryption isn't just "not bad," it (IMO) is getting very close to being absolutely essential . . . (This is particularly relevant to RVers, since we inevitably carry much of our digital stuff around with us in less-than-secure vehicles).

I know that people either love Apple or they hate it . . .

Quote:

Originally Posted by @Michael

Modern operating systems (IoS, Android, Windows 10+) default to encrypted local file systems . . . Once a file is transferred to a networked file server (or NAS) it's automatically unencrypted . . .

We are very conscious of back-ups . . . while traveling we typically maintain the server and 2 additional backups. When we arrive at home, we place another copy off-premises and update 2 more copies at our home. Annually, we take a complete back-up to a safe deposit box. This has saved us . . . as, over the years we've been hit with ransom viruses three times (we've tightened our 'practices' and hopefully are now less susceptible because, back-ups notwithstanding, fixing computers and servers hit by such viruses can be multiple day projects).

Because of the above-noted extensive 'terrestrial' back-ups, we have elected NOT to use cloud based storage. Further reasons include: 1) we're not always connected to the Net; 2) Net services disappear or become suddenly more expensive; 3) It now takes 12TB to back-up all our data - - with our often questionable connections to the Net, moving this much data can be impractical and, we assume, costly.

But, Avanti, you have us rethinking 'protection'. Currently all our life secrets are carried with us in the RV on the noted NAS/Server. And it is unprotected. So our challenge will be to discover/configure an encryption system for our Asustor server. Any suggestions are welcome.

As for Apple, guess we're one of the 'haters' - - mostly because we've been playing with DOS/Windows for over 3 decades and are not anxious to swap-out many devices and learn a new system. Further, much of what we do is based on Windows based programs.

So, we're hoping that Windows 11 will not interfere with our 'terrestrial' system of file storage and backing up and will allow us to develop a separate system of encryption.

[avanti]

Quote:

Originally Posted by Winston

As for Apple, guess we're one of the 'haters' - - mostly because we've been playing with DOS/Windows for over 3 decades and are not anxious to swap-out many devices and learn a new system. Further, much of what we do is based on Windows based programs.

I want to be completely clear that I am in no way trying to convert anyone to Apple. I totally get the costs of changing, even if one wanted to, which many don't. Moreover, I hope that this thread doesn't turn into an Apple vs MS debate. (if it does, I will put my moderator hat on and start by deleting my own message.)

The ONLY reason I mentioned Apple is because their security/privacy model is genuinely state-of-the-art and worth understanding.

[@Michael]

Quote:

Originally Posted by Winston

So our challenge will be to discover/configure an encryption system for our Asustor server. Any suggestions are welcome.

From a quick read of ASUSTOR docs, it looks like it supports folder encryption. That might be a good place to start.

Quote:

Originally Posted by Winston

So, we're hoping that Windows 11 will not interfere with our 'terrestrial' system of file storage and backing up and will allow us to develop a separate system of encryption.

I'm pretty sure you'll still be compatible. Windows 11 has disabled a very old file share protocol (SMB/CIFS 1.0), but it's unlikely that you are using it.

[booster]

When I got the current PC probably 4 years ago, Microsoft was making it near impossible to get Windows 10 activated as standalone account and would make you have an MS account and always sign in through them. The got so much flack on it that they finally backed off and made it so you setup as standalone, but to do it I still had to have an MS account or they wouldn't do updates.


As Avanit said, they are all trying to lock you into their system by holding you kind of hostage with your own security protections.


My question would be...How secure are the encryption keys at Microsoft? Hackers have been able to get into essentially anything if it is worth their time, I think. What would all those keys be worth?

[@Michael]

Quote:

Originally Posted by booster

My question would be...How secure are the encryption keys at Microsoft? Hackers have been able to get into essentially anything if it is worth their time, I think. What would all those keys be worth?

Info on Onedrive Security

FWIW - I made the decision to 'trust the cloud' years ago.

I used to roll my own home backups using tools I wrote that were equivalent to Apple's Time Machine (and preceded Time Machine by many years), with rotated offsite backups & etc. Given the capability of modern cloud providers, I'm more than happy to offload that to a cloud provider.

Before I retired, I helped initiate a migration of billions of records of finance, HR and student data, hundreds of millions of staff and student files, a million identities and hundreds of thousands of e-mail accounts to cloud providers (mostly Microsoft).

Jumped in with both feet.
--Mike