Microsoft Authenticator will soon provide codes via WhatsApp
Microsoft is working on two improvements for its Microsoft Authenticator application. The first tests the delivery of authentication codes via Meta's WhatsApp application instead of SMS, the second attempts to limit Authenticator notifications, if these originate from suspicious sources.
Microsoft Authenticator is the company's official two-factor authentication application. It supports authentication systems by the company and by third-parties, and is available for Google Android and Apple iOS devices.
The basic idea behind multi-factor authentication systems is the following one: instead of allowing users to sign-in with just a username and password, users are asked to provide a code as a second authentication factor.
You may want to check out our list of the best authenticator apps for Android and iOS.
In Microsoft Authenticator's case, the app displays a notification to the user by default, which contains a confirmation prompt. Once the user has given the okay, the sign-in operation completes and access is granted.
Microsoft Authenticator supports passwordless sign-ins as well, something that Microsoft introduced some time ago for its services. Even with passwordless sign-ins enabled, Microsoft Authenticator may display notifications to the user. While misuse is easy to spot for Microsoft customers who have enabled passwordless sign-ins, there is still the chance of accepting a sign-in while distracted.
One of the Microsoft Authenticator improvements attempts to block notifications from sources that Microsoft identified as untrustworthy; this should limit these types of notifications, but there is also a chance that a legitimate notification is blocked by Microsoft's systems. To address this case, Microsoft Authenticator does display the sign-in prompt when the application is opened by the user.
Microsoft plans to launch the change in the coming two months. It is unclear if Outlook, which was updated recently with authentication support, will also receive the changes.
Another new Microsoft Authenticator feature is the ability to receive confirmation codes via WhatsApp and not via SMS. SMS is notoriously unsafe. While WhatsApp has its own share of issues associated with it, including privacy concerns, it is giving users of the application another option. Microsoft plans to launch a trial in October, but only for users in India, Indonesia and New Zealand.
Microsoft has yet to make a public announcement regarding the changes. Information about the planned features has been posted to the Microsoft 365 Admincenter only at the time.
Now You: do you use an authenticator app? (via Dr. Windows)
Only morons and tech illiterate people use Whatsapp, when Telegram exists.
Who in their right mind uses anything by Meta (BTW, Threads is already DEAD, lol).
I use Microsoft Authenticator app and it works decently with password less authentication for Microsoft accounts(and other 2FA sites as well). Dunno why WhatsApp codes are needed when delivering notifications why the installed app is more secure.
My family uses a VPN.
On top of that, they are thorough the fingerprint resistance of the devices and apps we use, as well as Google and other tracking measures.
So Google’s two-factor authentication “always considers our family as suspicious and blocks us”.
Well, my family doesn’t care because we choose not to use services that require Google’s means.
However, I fear that if all services require “two-factor authentication”, we may find ourselves in the same dilemma as Google.
Our family has moved to a “digital detox” lifestyle, but the Japanese government has forced all citizens to use a “My Number Portal Card on the Web”.
This is going against the SDGs, decarbonized and low-carbon society.
The use of the “My Number Portal Card on the Web” that the Japanese government forces all citizens to use is a means for the government to monitor and control all citizens (like Russia and China).
In the system, the origin is the national uniform number system,the people were always opposed, but the ruling party forced it.
Similar case study
https://jrhawley.ca/2023/08/07/blocked-by-cloudflare
Some excerpts are quoted below:
Well, it finally happened to me. I was blocked out of a website I need for work because of Cloudflare. And I have no idea if or when I’ll be let back in.
The Web Integrity API proposal that has so many people and companies in uproar about the future of the web is precisely this kind of proposal. If and when financial companies opt in to remote attestation policies for their websites, it will place greater restrictions on the types of hardware, operating systems, and software individuals can use. I understand that there are legitimately good reasons to block certain combinations of hardware and software, say old devices with known vulnerabilities that cannot get patched. But decisions like this from corporate entities always seem to have motivated reasoning that increases the control of corporations at the cost of the freedoms or rights of individuals.
Idiocracy
That is the best documentary of all time.
ms authentication app barely works as it is.
Authentication via social media?
One thing never changes, there is always something dumber.
Worst decision of the week. IMHO the Whatsapp app is insecure as hell to receive codes or whatever because it’s difficult to see the legitimacy of the sender. SMS is even better because you can trace the sender. Indeed the email option is not 100% secure neither. The best solution is the creation of its own app and receive notifications through it, clearly secured an ciphered side by side. Thanks for the article by the way. :]