#75: Mind your P@assw0rds

Designer (28)

Be honest: when you sign up for some website, do you just use the same email address / password? If so, you’re not alone – around three-quarters of people reuse the same passwords, even though most know they really shouldn’t.

A CyberNews study of over 19 billion exposed passwords shows that many are weak and easy to guess, too – the most popular passwords for the last 15 years are, basically, “123456” and “password”. Some of the more high-profile security breaches have come about directly because of weak and compromised credentials.

ToW has talked about passwords a bit in the distant past – #620, #656 in the old days, and most recently, #33 – Securing your Microsoft Account (MSA). If you haven’t done so already, go right now to that last link and set up Multifactor Autthentication (MFA) on your Microsoft Account.

Authenticator being Edged out

Like Google Chrome, Firefox and pretty much every modern browser, Microsoft’s Edge can offer to generate nice complex passwords for you. It also has a password store which can automatically fill your usernames & passwords next time you revisit websites, so you don’t need to remember them or write them down, and synchronise them between different devices logged in with the same ID.

A screenshot of a computer screen

AI-generated content may be incorrect.

In shock news bordering on marginal enshittification, Microsoft has decided to remove a useful component of the Authenticator app that it prefers to use for managing 2FA/MFA on its various types of logins.

Thus far, if you have Authenticator set up with your Microsoft Account or an Entra ID, you can sync your passwords from the PC and be able to review them in the app, just as you would by going to Settings / Passwords options in the desktop Edge browser (or entering edge://wallet/passwords into the address bar).

A screen shot of a phone

AI-generated content may be incorrect.

This means that it can be handy to find a username/password when you’re mobile, in case you need to enter it manually, but also it allows Authenticator to provide an “autofill service” for other apps on your device, not just web pages. When you get unceremoniously signed out of an app just because it’s been automatically updated, the autofill service can recover and re-enter your username and password.

It’s this bit that is being yanked from Authenticator – for reasons unknown, other than “Microsoft is streamlining autofill”. Maybe nobody uses it? Maybe Microsoft would prefer anyone who does use Edge on their PC and who wants to access passwords while mobile, to be compelled to use Edge on their Phone also?

Similarly, Payment info that is synced from browser to Authenticator will be removed in July 2025.

A screenshot of a phone

AI-generated content may be incorrect.

The workaround (other than moving to a completely different password management system) is indeed to switch autofill provider on your phone to use Edge instead (having first installed it and synced it with your ID, if you haven’t already). In mitigation, the mobile versions of the browser are pretty good, and if you do use Edge on the PC or Mac, it makes sense to sync stuff across to your phone as well.

The password autofill is pretty much indistinguishable when using Edge in place of Authenticator. The UX for password management, however, isn’t so good (go into mobile Edge, Settings, and look for Passwords) but maybe that’s the price of progress?

#74: ZoomIt joins the other ’toys

A large toybox with the Windows logo on the side, half-full of interesting looking toys. One of them

There’s a long history of people building cool add-ons and tools for Windows. From “Tiny Elvis” which amazed Win3.1 users, to a whole suite of tech-nerd extensions called Winternals, offering stuff that could peer under the hood of the then-new Windows NT system. Some were officially produced – the Microsoft Plus! pack for Win95, or numerous Resource Kit tools spring to mind.

Microsoft internal teams released a free set of utilities called PowerToys for Windows 95: some background to the developments came out 20 years ago.

A new PowerToys package appeared more recently for Windows 10 and 11 – it’s a free collection of numerous utilities which extend Windows in some way. Some have featured in previous ToWs – #647 and #15 among them (the former being Old Testament before the Great Reset, the latter being in the new world).

PowerToys is updated regularly on GitHub (see details on https://aka.ms/powertoysresleasenotes) and gets bug fixes for some of the tools, or periodically, whole new additions. After 5 years, it’s still “Preview” and has reached v0.90.1. Perhaps that version number is asymptotic, in that it will never actually be 1.0.

There are currently 25+ tools ranging from occasionally useful things like Find My Mouse to larger, previously separate utilities which might be used every day, like Mouse without Borders.

Look on the system tray for the colourful PowerToys icon and left-click on it to get the Quick access menu (currently non-customizable, which is a bit odd – like, how often do you need to edit your Hosts file? ).

Double-click on the PowerToys system tray icon and you’ll get a more expansive dialog, allowing you to enable or disable individual utilities and get a reminder of what the keystroke is to invoke it.

Don’t fall asleep

One of those occasionally handy tools that, when enabled, has its own system tray icon, is Awake.

It shows up as a coffee cup in the System tray and can be used to over-ride any compulsion your PC has to go to sleep or even blank the screen. Handy if you’re downloading something from a slow network and you need to keep the PC active, or you want to keep the machine available for remote access etc.

Another use case is when using PIP/split-screen modes on large monitors, things can get a bit unpredictable if the primary input disappears through power saving schemes. Setting a longer timeout for the “Keep awake” will mean the screen doesn’t blank so quickly, until you revert to normal and let the machine’s power plan take over.

Zoom Zoom!

A recent addition to PowerToys is ZoomIt (not to be confused with the metadirectory services company which was a forerunner to Microsoft Identity Manager).

If you’ve ever watched Azure CTO and all round technical fellow Mark Russinovich present at a major conference, you’ve almost certainly seen him using ZoomIt. In a nutshell, you can zoom into a static grab of the screen, using the mouse or trackpad to smoothly zoom in and out. It lets you annotate highlights using the mouse – Mark would do this to underline some part of a demo he was giving, showing where something has changed or where a command should be entered.

powertoys-zoomit

As well as zooming on a static view, it can also zoom into a live part of the screen too (which might be handy for doing precision mousing), plus some other neat presenter-friendly tricks like having a full-screen countdown timer.

ZoomIt was originally built by Mark’s company Winternals, which became SysInternals, and was acquired by Microsoft in 2006. The tool is available standalone from PowerToys if you prefer, alongside many other technical utilities.