Comment by weikju

2 years ago

It doesn't matter how well they protect it, they still have the credential, and they decrypt it in order to be able to use it, so for all intents and purposes, it's in the clear _for Microsoft_ (and whoever else manages to have access). This is not how it should be.

1 comment

weikju

Reply
magicalhippo  2 years ago

Obviously, and this is something they should communicate clearly.

But if they were to provide such a "service" I'd expect them to minimize exposure, including the steps I mentioned.