this post was submitted on 18 Oct 2023
119 points (94.7% liked)
Technology
59152 readers
2312 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
My company recently started using MS Authenticator for 2FA in our emails. At first I was pleased about the extra security. But the way they implemented it is so fucking bonkers I can’t even handle it.
When you log in, it tells you to check your phone. On your phone you have to enter your password, then wait about 10 seconds, use biometrics, then they show you a number, and then ask you to type that number - on your phone, the same fucking device they showed it to you. And if you miss the number flashing, the text box where you enter the number covers the number so you have to tap “I can’t see the number, hide this box”. Then, if you’re trying to check your email on mobile, you have to force quit Outlook because it won’t load new emails until it launches.
The worst part is that you lose your token two times a day. So you have to log in twice a day on every device you use. It’s such a hindrance to productivity it’s insane.
That does not sound right. They should be promoting you to enter the number on the device where you initiated the authentication, not on your phone; at least that is how it works for me when I connect my company laptop to VPN - I have to use MS Authenticator on my phone, which shows a number (protected by two biometrics), which I then have to enter on my laptop.
No, OP is completely correct. It’s all down to how the company configures their MFA, but MS MFA will definitely show you a two-digit number on the system you initiated the auth on, and force you to type that on your Authenticator app.
I work with a vendor that has this setup and do this every day when accessing their systems.
Thankfully my own company doesn’t have the type a number stuff turned on.
Yes you are right, that is how I have to do it - I got it the wrong way round in my previous post. I enter the numbers into the app on my phone.