Software

Microsoft’s Move Away From Passwords Towards Biometrics

Posted on by Andy Miller

In a recent interview with CBNC, Microsoft’s Corporate Vice President and Chief Information Officer Bret Arsenault signalled the corporation’s move away from passwords on their own as a means of authentication towards (biometrics) and a “passwordless future”.

Passwords – Not Enough On Their Own

Many of us are now used to two-factor authentication e.g. receiving a code via text or using apps such as Google Authenticator as a more secure way of using passwords.  Mr Arsenault also notes that hacking methods such as “password spraying”, where attackers attempt to access large numbers of accounts at once using some of the most commonly used passwords, are still effective and highlight the weakness of relying on passwords being used on their own.  Mr Arsenault highlights how damaging this can be for businesses where a hacker can get password/employee identity and use this to gain access to a whole network. This is one of the reasons why many businesses, including Microsoft, are moving away from the whole idea of passwords.

Setting Example – Biometrics

Microsoft is one of the most-attacked companies in the world, and this, combined with reports of the billions of password hack incidents worldwide, have driven the company to move beyond passwords.

For example, 90% of Microsoft’s 135,000 workforce can now log into the company’s corporate network without passwords using biometric technology such as facial recognition and fingerprint scanning via apps such as ‘Windows Hello’ and the ‘Authenticator’ app.

Also Uses Federated Cybersecurity

In addition to rejecting passwords for biometrics, Microsoft also uses a federated cybersecurity model.  This means that each Microsoft product has its own head of cybersecurity and that ethical hackers are actively encouraged to attack the company’s networks and products to test for flaws.

Scrapping Password Expiration Policies

Microsoft has announced that it is scrapping its password expiration policies in Windows 10 arguing that password expiration is an out of date method of data protection.  Users will now effectively be forced to update their passwords every few months once the Windows 10 May 2019 has been rolled out.

Other Tech Companies Moving Away From Passwords

Other tech companies that are known to be moving away from passwords towards biometrics and other methods include Google which has been testing USB key fobs which plug into customers’ computers and provide a second factor of authentication and Cisco which acquired dual-factor authentication start-up Duo in 2018.

What Does This Mean For Your Business?

As Microsoft points out, multi-factor authentication is more secure than relying on just a password for authentication, as password spraying and credential stuffing are widely in use and are still yielding good results for hackers.  As a recent National Cyber Security Centre (NCSC) survey has shown, many people still rely upon weak passwords, with ‘123456’ featuring 23 million times, making it the most widely-used password on breached accounts. There is a strong argument, therefore, for many businesses to look, as Microsoft is looking, towards more secure biometric methods of authentication, and towards a “passwordless future”.

Even though biometrics has been shown to make things incredibly difficult for cybercriminals to crack it, biometrics has not proven to have been 100% successful to date.  For example, a Reddit user recently claimed to have used a 3D printer to clone a fingerprint and then use that fake fingerprint to beat the in-display fingerprint reader on a Samsung Galaxy S10. Also, there was the report of the Twitter user who claimed to have fooled Nokia 9 PureView’s fingerprint scanner by using somebody else’s finger, and then just a packet of chewing gum, and of the incident back in May 2017 where a BBC reporter said that he’d been able to fool HSBC’s biometric voice recognition system by passing his brother’s voice off as his own.

There is no doubt that the move away from passwords to biometrics is now underway, but we are still in the relatively early stages.

Slack Builds Email Bridge

Posted on by Andy Miller

Chat App and collaborative working tool Slack appears to have given up the fight to eliminate email by allowing the introduction of new tools that enable Slack collaboration features inside Gmail and Outlook, thereby building a more inclusive ‘email bridge’.

What Is Slack?

Slack, launched ‘way back’ in 2013, is a cloud-based set of proprietary team collaboration tools and services. It provides mobile apps for iOS, Android, Windows Phone, and is available for the Apple Watch, enabling users to send direct messages, see mentions, and send replies.

Slack teams enable users (communities, groups, or teams) to join through a URL or invitation sent by a team admin or owner. It was intended as an organisational communication tool, but it has gradually been morphing into a community platform i.e. it is a business technology that has crossed-over into personal use.

Email Bridge

After having a five-year battle against email, Slack is building an “email bridge” into its platform that will allow those who only have email to communicate with Slack users.

Aim

The change is aimed at getting those members of an organisation on board who have signed up to the Slack app but are not willing to switch entirely from email to Slack. The acceptance that not everyone wants to give up using their email altogether has made way for a belief by Slack that something at least needs to be built-in to the app to allow companies and organisations to be able to leverage the strengths of all their workers, and at least allow those organisation and team members who are separated because of their Slack vs email situation to be connected to the important conversations within Slack. It will also now mean that companies and organisations have time to make the transition in working practices at their own pace (or not ) i.e. migrate (or not migrate) entirely to Slack.

How?

The change supports Slack’s current Outlook and Gmail functionality, which enables users to forward emails into a channel where members can view and discuss the content and plan responses from inside Slack. It also allows anything set within the Outlook or Gmail Calendar to be automatically synced to Slack.

The new changes will allow team members who have email but have not committed to Slack to receive an email notification when they’re mentioned by their username in channels or are sent a direct message.

What Does This Mean For Your Business?

Slack appears to have listened to Slack users who’d like a way to keep connected with their e-mail only / waiting to receive credentials colleagues, and the email bridge is likely to meet with their approval in this respect.  For Slack, it also presents the opportunity gently for those people who are more resistant to change into eventually making the move to Slack.

This change is one of several announced by Slack, such as the ‘Actions’ feature last year, and the two new toolkits (announced in February this year) that will allow non-coders to build apps within Slack.

Slack knows that there are open source and other alternatives in the market, and the addition of more features and more alliances will help Slack to provide more valuable tools to users, thereby helping it to gain and retain loyalty and compete in a rapidly evolving market.

‘ManyChat’ Raises $18 million Funding For Facebook Messenger Bot

Posted on by Andy Miller

California-based startup ‘ManyChat’ has raised $18 million Series A funding for its Facebook Messenger marketing bot.

ManyChat

ManyChat Inc. is now the leading messenger marketing product, reportedly powering over 100,000 bots on Facebook Messenger.

ManyChat lets you use visual drag`n`drop interface to create a free Facebook Messenger bot for marketing, sales and support.  The bot is essentially a Facebook Page that sends out messages and responds to users automatically.

The ManyChat bot allows you to welcome new users, send them content, schedule posts, set up keyword auto-responses (text, pictures, menus), automatically broadcast your RSS feed and more.

The bot, which is a blend of automation and personal outreach also incorporates Live Chat that notifies you when a conversation is needed with a subscriber.

Facebook Messenger

ManyChat says it has focused on Facebook Messenger because it is the #1 app in the US and Canada with over 1 billion active users, and it is the most engaging channel with average 80% open rates and 4 to 10 times higher CTRs compared to email.

The Funding

The $18 million funding for ManyChat was led by Bessemer Venture Partners, with participation from Flint Capital, and means that Bessemer’s Ethan Kurzweil will be joining the board of directors, and Bessemer’s Alex Ferrara becomes a board observer.

1+ Million Accounts Created

ManyChat reports that more than 1 million accounts have been created on the platform already by customers in many different industry sectors.  The platform has also reported that these 1+ million customers have managed to enlist 350 million Messenger subscribers and that there are now a staggering 7 billion messages sent on the platform each month.

What Does This Mean For Your Business?

Bots provide a way for businesses to reduce costs, make better use of resources and communicate with customers and enquirers 24/7.

As ManyChat points out, it’s becoming increasingly difficult for businesses to effectively reach their audience because people open less email and social media is ‘noisy’ to the point where messages become lost in the crowd.  A key advantage of ManyChat, therefore, is that it uses Facebook Messenger as a private channel of communication with each user, it’s instant and interactive, no message is ever lost, and Messenger has huge user numbers. Other advantages that businesses will appreciate is that it’s free and easy to set up the bot (no coding skills are required), and it offers the best of both worlds of automated communications, and the option to jump in with Live Chat when it is needed.

This kind of bot could enable businesses and organisations to make their marketing more effective while maximising efficiency.

ManyChat is also good news for Facebook which owns Messenger as it appears to be boosting user numbers by finding an improved, business-focused use for the app.

For ManyChat, its Facebook Messenger bot appears to be only the beginning (hence the funding), with investors looking at platforms like Instagram, WhatsApp, RCS, and more to further expand bot marketing services in the future.

Chrome For Android ‘Fake Address’ Phishing Risk Discovered

Posted on by Andy Miller

Developer James Fisher has reported that small changes could be made to Chrome for Android that could enable fake URLs to be displayed and users to be ‘jailed’ in a fake browser, thereby leaving them vulnerable to being duped into visiting fake, malicious pages.

Fake URL Display

Mr Fisher explains on his website about the possible new phishing method here: https://jameshfisher.com/2019/04/27/the-inception-bar-a-new-phishing-method/ .

According to Mr Fisher, if you visit his page URL (as shown above) on Chrome for mobile (Android) and scroll a little way, the page displays itself as hsbc.com.  He reports that this is because, as a result of the few small changes he has made, the page is able to ‘jail’ the user into a ‘fake’ browser. Mr Fisher’s website includes a video of how scrolling leads to the fake URL being displayed.

How?

Mr Fisher explains on his website that, using his method in Chrome for mobile, if a user arrives at a web page that they believe to be trustworthy and scrolls down so that the URL is no longer visible, they can then be switched into a fake browser.  The user is then ‘jailed’ into the fake browser which can either use an insertion of a screenshot of Chrome’s URL bar on another website (in the case of his demonstration HSBC) in the webpage, or could be made to detect which browser it’s in, and forge an inception bar for that browser.  Either way, the user can be tricked into seeing the URL for a page they’re not actually on.

Also, Mr Fisher explains that in his research, as part of trapping the user in a “scroll jail” he was able to include a very tall padding element at the top so that if a user tries to scroll into the padding, they are simply scrolled back down to the start of the content so that it  looks like a page refresh.  This whole process could, in the wrong hands, be able to dupe a user and trap them on a malicious page.

Phishing Risk

The obvious risk is that this could be used as a phishing method i.e. directing users to a fake page to enable sensitive data to be stolen or to direct users to a page loaded with malware.

What Does This Mean For Your Business?

At least now that the potential security risk has been discovered, explained and demonstrated, this should give Google the opportunity to close this loophole, thereby reducing the risk to users of Chrome for mobile. Although (at the time of writing) there is no fix as yet from Google, Mr Fisher has suggested that one fix could be for Google to retain a small amount of screen space above what he describes as the “line of death”, rather than giving up all screen space to the web page. This could make space for Chrome to signal that ‘the URL bar is currently collapsed’.

Back in December, research by Internet Privacy Company DuckDuckGo was reported to have produced evidence that could show that even in Incognito mode, users of Google Chrome could still be tracked, and searches were still personalised accordingly. Also, in February this year, there were more PR woes for Google when the discovery of a microphone in Google’s Nest Guard product that was not listed in tech spec, but which was put down to an erroneous omission by Google, caused a backlash that escalated to the US Congress.

No Windows 10 Updates For PCs With USB Devices or SD Cards Attached

Posted on by Andy Miller

Microsoft has announced that if your PC has a USB device or SD card attached it will not be possible to upgrade the computer to the Windows 10 May 2019 Update because of an “Inappropriate drive reassignment” issue.

The Scenario

On its support site, Microsoft has announced that an attempt to upgrade a computer with the Windows 10 May 2019 Update will result in an error message being displayed if the following three factors are in place:

  1. You’re running a Windows-10 based computer that has either the April 2018 Update (Windows 10, version 1803) or the October 2018 Update (Windows 10, version 1809) installed.
  2. An external USB device or SD memory card is attached to the computer.
  3. You try to upgrade the computer to the May 2019 Update, or you have automatic updates turned on in the Windows Update settings.

Inappropriate Drive Reassignment

Microsoft says that the upgrade will not be able to occur in these situations because of the risk of inappropriate drive reassignment.  For example, a user may have booted Windows from external storage and may have left an external storage device (USB device or SD memory card) attached during the installation of the May 2019 upgrade.  Prior to the upgrade, the external device would have been mounted in the system as drive G based on the existing drive configuration, but after the upgrade, the device is reassigned a different drive letter e.g. H.  This is a situation that Microsoft is trying to avoid – hence the error message and the blocking of computers with external devices attached from receiving the upgrade.

The Workaround

According to Microsoft, the simple workaround is to remove the external media and restart the May 2019 Update installation.

Microsoft also says that the issue will be resolved in a future servicing update for Windows 10, and for Windows Insiders, the issue is resolved in build 18877 and later builds.

What Does This Mean For Your Business?

There is more than just a small element of Microsoft being cautious in issuing this error message and putting out information about the nature of the issue and workaround, after the many problems and bugs that led to Build 1809 having to be withdrawn after a few weeks before a re-issue. This time, Microsoft wants good publicity and good customer experience for its ongoing WaaS strategy.

If you’re planning to upgrade Windows 10 with the May 2019 Update and you want things to go smoothly, the advice is to make sure that you don’t have external storage devices connected to the computer at the same time.

Microsoft 365 Business Subscription Customers Get Shared Computer Activation (SCA)

Posted on by Andy Miller

SMEs that need to have multiple users (connecting to and using the same remote computer) but only have a (less-expensive) Microsoft 365 Business subscription have been given a boost by Microsoft in the form expanded rights with the imminent roll-out of SCA for Microsoft 365 Business.

What Is SCA?

Shared Computer Activation (SCA) is a service that allows a business to deploy Office 365 on a computer that is accessed by multiple users.

SCA That Doesn’t Count Against The Device Limit

The latest announcement from Microsoft means that Microsoft 365 Business subscribers (who would normally only be able to install and activate the Office 365 Business Client on a limited number of devices such as 5 PCs) will, with the roll-out from 30th April, be able to benefit from being able to use the Office 365 Business Client with shared computer activation enabled in a way that doesn’t count against that device limit.

Where It’s Useful

Situations (where this can add value and be useful to SMEs) include :

  • Multiple workers on different shifts at the same premises needing to use a shared computer with each worker using Excel on that computer during their shift to track orders & shipments.
  • Multiple workers use Word on shared computers at a work station throughout the day to create reports from a template.
  • Business owners and accounts staff can connect remotely to a Windows 2016 Server running Remote Desktop Services (RDS) to use Excel and the company’s accounting software.
  • Field service employees use Office on a computer that’s located in a conference room to update/write reports.
  • Remote workers connect from home connect to Windows Virtual Desktops (WVD) in Azure with Office installed to work on specific accounts/records.

Limitations

It is important to note that M365 Business does not include Office 365 Pro Plus, just the activation rights in the existing business client that comes in M365B.  The new SCA rights in M365 Business will, therefore, still require that each user be licensed, because companies can’t legally share Office on a single PC among, e.g. 5 users, where only three are covered by M365 Business licenses.

Also, users can only share the Windows, not a Mac version of Office on an SCA-covered machine.

What Does This Mean For Your Business?

Although Microsoft is not giving anything away as such with the SCA rights in M365 Business, it is, however, introducing something that takes account of how some industries need to work with software in real life i.e. computers often need to be  shared by multiple users with different user profiles, and multiple users in some businesses need to connect to the same remote computer at the same time. In this respect, it may add a great deal of value for many businesses, and in doing so, may help gain and retain customers, and lead to new opportunities for Microsoft.

SMEs are likely to welcome this added value service from Microsoft as they may have been stuck between having to choose E3 (without SCA), saving costs, and try to implement time-consuming workarounds to get more out of what they had.

Even though the roll-out date starts on April 30th, it may take a couple of months before the full roll-out is completed.

UK Government Services Information Accessible Via Voice-Activated Smart Speakers

Posted on by Andy Miller

After a six-month trial by the Government Digital Service (GDS) with a view to future-proofing the delivery of online services for citizens, 12,000 items of government information can now be accessed via voice-activated smart speakers and virtual assistants, such as Amazon Alexa and Google Home.

Wider Plan

The GDS trial that has made the information available via voice-activated smart -speakers is part of a wider plan to employ the use of third-party (voice) apps, machine learning, and other new technologies in order to simplify interactions between citizens services going forward. The millions of smart speakers now in use in UK homes means that voice-activated technology has provided an important first step for the government’s plans.

What Kind of Information?

Examples of the kind of government services information that’s now available via Alexa and Google home includes the dates of UK bank holidays, the minimum wage level, information about how to apply for a passport or pension, as well as the answers to childcare and tax-related questions.

Started A Year Ago

The plans to future-proof government services in this way were first made public a year ago when Neil Williams, head of Gov.uk at the time, said that around 400 services had already been identified as potential use cases for voice technology.

Machine Learning Added To Gov.uk website

The idea of integrating machine learning with the Gov.uk website is reported to have led to the creation of an algorithm that helps to tag all the content and develop a taxonomy, thereby making it much easier for users of the website to quickly access relevant information.

The Gov.uk website, which came online back in 2012 is reported to have resulted in huge efficiency savings, as well as making it much easier for citizens to access government content.

Innovation Strategy

In a recent blog post, The Minister for Implementation, Oliver Dowden, highlighted the importance of the GovTech Catalyst initiative in matching innovative private sector solutions with public sector challenges. Mr Dowden also announced the publication of an Innovation Strategy later this year that will share the government’s vision of how GDS and wider Cabinet Office will lay the foundations for the government to use emerging technologies.

What Does This Mean For Your Business?

There are many services that businesses need to access information about and having the information available quickly via smart speakers and virtual assistants could save time and money and help businesses to comply with government rules and regulations.  It could also help businesses to discover opportunities and help that may be available via government services for both the business itself and employees and other stakeholders.

The Gov.uk website has also been a money-saving tool for the government, and making more information available via smart speaker and apps, while improving the website and its operation using machine learning could provide greater savings in the future, while demonstrating how the government is making efforts to embrace and utilise the strengths of new technologies, and simplify access for to information for citizens.

Tech Tip – Free, Online AI Business School

Posted on by Andy Miller

If you’d like to get an understanding of what AI is and its implications for business strategy, corporate culture and business ethics, Microsoft, in partnership with global business school INSEAD has established a free, online business school.

The AI course offers a series of 10-minute lecture videos as well as academic lectures, case studies, executive perspective videos and technology talks, which combined provide a grounding in AI and its possible applications in your business.

The online school doesn’t require registration, and the course material can be accessed on demand via mobile devices or the desktop.

Access Microsoft’s AI Business School resources here: https://www.microsoft.com/en-us/ai/business

Windows 10 Breaks Traditional PC Hardware and OS Upgrade Links

Posted on by Andy Miller

With figures (Gartner) showing Windows 10 predicted to represent 75% of the professional PC market by 2021, continued PC sales and improved Windows 10  back-end management, Windows 10 is making (historically) time and resource consuming Windows OS and hardware upgrade projects a thing of the past, and is breaking the link between the two.

Mobile PCs A Popular Business Choice For Content Creation

Even though the whole global PC market is in decline, traditional PCs are set to decline by 3% in 2019 to total 189 million units, and smartphones are users’ primary mobile devices, mobile PCs look set to remain popular purchases for businesses because they are needed for content creation.

With laptop PCs running Windows 10, this is a key reason why Windows 10 represents such a large share of the professional PC market.

The SaaS model with its automatic bi-annual automatic upgrades is, therefore, the step to making teams responsible for OS upgrades in businesses a thing of the past.

Left Behind and At Risk

The growth, popularity, and general effectiveness of Windows10, coupled with the ending of support for older versions is making businesses still running older platforms (e.g. Windows 7) and thinking of putting off the upgrade to Windows 10 until 2020 look likely to be left behind in IT effectiveness terms, and at risk in security terms (support for Windows 7 support is scheduled to end in January 2020).

Businesses are also realising that:

  • They can’t skip a version i.e. waiting and skipping to Windows 11 is not an option – migration to Windows 10 may as well happen sooner rather than later.
  • Windows 10 is a modern operating system that allows organisations to run cloud applications and provide security much more effectively.
  • Microsoft has aligned upgrades of its cloud productivity suite, Office 365, to Windows 10, so not switching to Windows 10 could mean a competitive disadvantage.
  • Windows 10 enables businesses to automatically receive new, potentially value-adding features every six months.

Changing The Nature of Upgrades

With most businesses using Windows 10 and receiving automatic software upgrades every month, and more enterprise applications being consumed as software as a service (SaaS), hardware upgrades are more likely to be driven by wear and tear in future rather than by the availability of a new PC operating system from Microsoft.  This is the reason why Windows 10 has effectively disconnected the link between PC hardware and Windows operating system upgrades.

What Does This Mean For Your Business?

Figures show that laptop PCs with Windows 10 loaded on them are (and will continue to be for the near future) an important tool for many businesses, and that the automatic bi-annual upgrade and SaaS model of Windows 10 has disconnected the traditional link between PC hardware and Windows operating system upgrades.  The migration to Windows 10 can also not only free up resources once needed just to ensure OS upgrades, but can also improve security, competitiveness and operational effectiveness.

Windows 10’s successes and the weaknesses and threats of holding out until 2020 before upgrading are presenting strong arguments for businesses to take the plunge sooner and move to Windows 10.

Tech Tip – Free Graphic Design App For Android

Posted on by Andy Miller

Design social media posts, ads, presentations, cards, flyers and more with ‘Desygner’, a free, popular graphic design app for phone or tablet.  The app has an intuitive interface and thousands of templates to choose from. Although the basic offering is free, you can switch up to a £5.99 monthly subscription if you plan to use the app regularly.

To install the app, look for ‘Desygner’ in Google Play.