this post was submitted on 18 Oct 2023
119 points (94.7% liked)
Technology
59710 readers
5729 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
My company recently started using MS Authenticator for 2FA in our emails. At first I was pleased about the extra security. But the way they implemented it is so fucking bonkers I can’t even handle it.
When you log in, it tells you to check your phone. On your phone you have to enter your password, then wait about 10 seconds, use biometrics, then they show you a number, and then ask you to type that number - on your phone, the same fucking device they showed it to you. And if you miss the number flashing, the text box where you enter the number covers the number so you have to tap “I can’t see the number, hide this box”. Then, if you’re trying to check your email on mobile, you have to force quit Outlook because it won’t load new emails until it launches.
The worst part is that you lose your token two times a day. So you have to log in twice a day on every device you use. It’s such a hindrance to productivity it’s insane.
That's pretty shitty implementation... By your IT department
Something is definitely wrong... or set up differently. I haven't had the need to use 2FA for Microsoft products on anything after the first time I sign in to a new device. Contact your IT department. They may be able to help you.
This is company wide and countless complaints have been made.
That does not sound right. They should be promoting you to enter the number on the device where you initiated the authentication, not on your phone; at least that is how it works for me when I connect my company laptop to VPN - I have to use MS Authenticator on my phone, which shows a number (protected by two biometrics), which I then have to enter on my laptop.
No, OP is completely correct. It’s all down to how the company configures their MFA, but MS MFA will definitely show you a two-digit number on the system you initiated the auth on, and force you to type that on your Authenticator app.
I work with a vendor that has this setup and do this every day when accessing their systems.
Thankfully my own company doesn’t have the type a number stuff turned on.
Yes you are right, that is how I have to do it - I got it the wrong way round in my previous post. I enter the numbers into the app on my phone.
Yea thats a really bad implementation. We use 2FA at my work and its much less cumbersome than this.
Your IT department set it up wrong in your Microsoft tenant.
We get the number on our device and the notification on mobile is right quick, so by the time you've unlocked your phone you click the notif, copy the number and done. That's not too unbearable.
And if you decide not to use ms Authenticator every time you log in with a third party one it’ll recommend you to get it every time. Don’t sell me shit when I’m trying to securely log in.