Microsoft Authenticator will soon provide codes via WhatsApp

Martin Brinkmann
Aug 10, 2023
Apps, Security
|
10

Microsoft is working on two improvements for its Microsoft Authenticator application. The first tests the delivery of authentication codes via Meta's WhatsApp application instead of SMS, the second attempts to limit Authenticator notifications, if these originate from suspicious sources.

Microsoft Authenticator is the company's official two-factor authentication application. It supports authentication systems by the company and by third-parties, and is available for Google Android and Apple iOS devices.

The basic idea behind multi-factor authentication systems is the following one: instead of allowing users to sign-in with just a username and password, users are asked to provide a code as a second authentication factor.

You may want to check out our list of the best authenticator apps for Android and iOS.

In Microsoft Authenticator's case, the app displays a notification to the user by default, which contains a confirmation prompt. Once the user has given the okay, the sign-in operation completes and access is granted.

Microsoft Authenticator supports passwordless sign-ins as well, something that Microsoft introduced some time ago for its services. Even with passwordless sign-ins enabled, Microsoft Authenticator may display notifications to the user. While misuse is easy to spot for Microsoft customers who have enabled passwordless sign-ins, there is still the chance of accepting a sign-in while distracted.

One of the Microsoft Authenticator improvements attempts to block notifications from sources that Microsoft identified as untrustworthy; this should limit these types of notifications, but there is also a chance that a legitimate notification is blocked by Microsoft's systems. To address this case, Microsoft Authenticator does display the sign-in prompt when the application is opened by the user.

Microsoft plans to launch the change in the coming two months. It is unclear if Outlook, which was updated recently with authentication support, will also receive the changes.

Another new Microsoft Authenticator feature is the ability to receive confirmation codes via WhatsApp and not via SMS. SMS is notoriously unsafe. While WhatsApp has its own share of issues associated with it, including privacy concerns, it is giving users of the application another option. Microsoft plans to launch a trial in October, but only for users in India, Indonesia and New Zealand.

Microsoft has yet to make a public announcement regarding the changes. Information about the planned features has been posted to the Microsoft 365 Admincenter only at the time.

Now You: do you use an authenticator app? (via Dr. Windows)

Summary
Microsoft Authenticator will soon provide codes via WhatsApp
Article Name
Microsoft Authenticator will soon provide codes via WhatsApp
Description
Microsoft is working on sending codes via WhatsApp when using its Microsoft Authenticator application.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. notanon said on August 13, 2023 at 9:38 pm
    Reply

    Only morons and tech illiterate people use Whatsapp, when Telegram exists.

    Who in their right mind uses anything by Meta (BTW, Threads is already DEAD, lol).

  2. Kirk said on August 12, 2023 at 7:02 am
    Reply

    I use Microsoft Authenticator app and it works decently with password less authentication for Microsoft accounts(and other 2FA sites as well). Dunno why WhatsApp codes are needed when delivering notifications why the installed app is more secure.

  3. owl said on August 11, 2023 at 2:40 am
    Reply

    My family uses a VPN.
    On top of that, they are thorough the fingerprint resistance of the devices and apps we use, as well as Google and other tracking measures.
    So Google’s two-factor authentication “always considers our family as suspicious and blocks us”.
    Well, my family doesn’t care because we choose not to use services that require Google’s means.

    However, I fear that if all services require “two-factor authentication”, we may find ourselves in the same dilemma as Google.
    Our family has moved to a “digital detox” lifestyle, but the Japanese government has forced all citizens to use a “My Number Portal Card on the Web”.
    This is going against the SDGs, decarbonized and low-carbon society.

    1. owl said on August 11, 2023 at 2:51 am
      Reply

      The use of the “My Number Portal Card on the Web” that the Japanese government forces all citizens to use is a means for the government to monitor and control all citizens (like Russia and China).
      In the system, the origin is the national uniform number system,the people were always opposed, but the ruling party forced it.

      1. owl said on August 11, 2023 at 4:45 am
        Reply

        Similar case study

        https://jrhawley.ca/2023/08/07/blocked-by-cloudflare
        Some excerpts are quoted below:

        Well, it finally happened to me. I was blocked out of a website I need for work because of Cloudflare. And I have no idea if or when I’ll be let back in.

        The Web Integrity API proposal that has so many people and companies in uproar about the future of the web is precisely this kind of proposal. If and when financial companies opt in to remote attestation policies for their websites, it will place greater restrictions on the types of hardware, operating systems, and software individuals can use. I understand that there are legitimately good reasons to block certain combinations of hardware and software, say old devices with known vulnerabilities that cannot get patched. But decisions like this from corporate entities always seem to have motivated reasoning that increases the control of corporations at the cost of the freedoms or rights of individuals.

  4. Riley Reid said on August 10, 2023 at 10:54 pm
    Reply

    Idiocracy

    1. Tachy said on August 11, 2023 at 6:46 am
      Reply

      That is the best documentary of all time.

  5. dmacleo said on August 10, 2023 at 8:27 pm
    Reply

    ms authentication app barely works as it is.

  6. Tachy said on August 10, 2023 at 5:45 pm
    Reply

    Authentication via social media?

    One thing never changes, there is always something dumber.

  7. John G. said on August 10, 2023 at 3:40 pm
    Reply

    Worst decision of the week. IMHO the Whatsapp app is insecure as hell to receive codes or whatever because it’s difficult to see the legitimacy of the sender. SMS is even better because you can trace the sender. Indeed the email option is not 100% secure neither. The best solution is the creation of its own app and receive notifications through it, clearly secured an ciphered side by side. Thanks for the article by the way. :]

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.