Microsoft Authenticator: Difference between revisions
Added a consumer workaround in 'Cross-platform migration friction' |
|||
| (5 intermediate revisions by 3 users not shown) | |||
| Line 8: | Line 8: | ||
|Website=https://www.microsoft.com/en-us/security/mobile-authenticator-app, https://support.microsoft.com/en-us/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc | |Website=https://www.microsoft.com/en-us/security/mobile-authenticator-app, https://support.microsoft.com/en-us/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc | ||
|Description=A free app that secures Microsoft accounts with single sign-on (SSO) and provides multi-factor authentication (MFA) to various other online services. | |Description=A free app that secures Microsoft accounts with single sign-on (SSO) and provides multi-factor authentication (MFA) to various other online services. | ||
}}'''Microsoft Authenticator''' is a free mobile app that secures the user's Microsoft account with single sign-on (SSO) and provides multi-factor | }}'''Microsoft Authenticator''' is a free mobile app that secures the user's Microsoft account with single sign-on (SSO) and provides multi-factor authentication (MFA) for other online services. | ||
One of its key functions is generating secure, ephemeral, random six-digit tokens to enable two-factor authentication (2FA) for arbitrary online services. | One of its key functions is generating secure, ephemeral, random six-digit tokens to enable two-factor authentication (2FA) for arbitrary online services. | ||
==Consumer | ==Consumer impact summary== | ||
{{Ph-C-CIS}} | {{Ph-C-CIS}} | ||
=== User | ===User freedom=== | ||
====Inability to export codes==== | |||
==== Inability to export codes ==== | [[File:Proton Microsoft Authenticator.png|thumb|325x325px]] | ||
Like [[Authy]], Microsoft Authenticator does not allow the user to export their MFA codes to another service. | Like [[Authy]], Microsoft Authenticator does not allow the user to export their MFA codes to another service. | ||
= | ====Cross-platform migration friction==== | ||
===Cross- | Microsoft Authenticator does ''not support'' direct cross-platform restore. This means that if a user with many accounts synced on an iPhone purchases an Android device, they have effectively two options to continue using Microsoft Authenticator for MFA: | ||
#Retain possession of the old iPhone for daily MFA needs, or | #Retain possession of the old iPhone for daily MFA needs, or | ||
#Manually reconfigure every service that depends on Microsoft Authenticator for MFA on the new Android device. | #Manually reconfigure every service that depends on Microsoft Authenticator for MFA on the new Android device. | ||
For personal power users, manual reconfiguration may be inconvenient but feasible. However, for work accounts, this process is often impractical as it may require administrative privileges beyond the | For personal power users, manual reconfiguration may be inconvenient but feasible. However, for work accounts, this process is often impractical as it may require administrative privileges beyond the user's own. | ||
Microsoft's official documentation acknowledges this limitation, stating: | |||
<blockquote>"'''Important''': You can only backup and restore on the same device type: accounts backed up using an iOS device cannot be restored on an Android device."<ref>{{Cite web |date=2025-10-07 |title=Back up your accounts in Microsoft Authenticator |url=https://support.microsoft.com/en-us/account-billing/back-up-your-accounts-in-microsoft-authenticator-bb939936-7a8d-4e88-bc43-49bc1a700a40 |url-status=live |archive-url=https://web.archive.org/web/20260131003513/https://support.microsoft.com/en-us/account-billing/back-up-your-accounts-in-microsoft-authenticator-bb939936-7a8d-4e88-bc43-49bc1a700a40 |archive-date=2026-01-31 |access-date=2025-10-07 |website=[[Microsoft]]}}</ref></blockquote> | |||
===== Consumer workaround ===== | |||
For people who were initially pushed to use MS Authenticator for their Microsoft work account, the easy workaround is to switch to [[wikipedia:Time-based_one-time_password|TOTP]] instead of notification-based codes as their 2-factor authentication method. Copilot365 accounts have this option, and when one adds this method in their security settings, they don't have to export MFA codes from the MS Authenticator app.<ref>{{Cite web |date=5 Jun 2026 |title=Using Keeper TOTP with Azure or Office 365 |url=https://docs.keeper.io/user-guides/tips-and-tricks/using-keeper-totp-with-office-365 |url-status=live |archive-url=https://web.archive.org/web/20260605085339/https://docs.keeper.io/user-guides/tips-and-tricks/using-keeper-totp-with-office-365 |archive-date=5 Jun 2026 |access-date=5 Jun 2026 |website=Keeper}}</ref> Instead, they can simply set up another authenticator app, like Ente Auth or [[Proton Authenticator]] and import their TOTP code. Both of which are fully cross-platform compatible, and allow you to sync with multiple platforms, even on PC with their desktop apps. | |||
==Incidents== | |||
===Removal of password manager (''June 2025'')=== | |||
===Removal of password manager (June 2025)=== | In June 2025, Microsoft Authenticator users were no longer be able to save new passwords in the app. Then in July 2025, autofill was removed and no longer available. And finally in August 2025, saved passwords were deleted in the Authenticator app.<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=2025-07-01 |title=Microsoft Removes Password Management from Authenticator App Starting August 2025 |url=https://thehackernews.com/2025/07/microsoft-removes-password-management.html |url-status=live |archive-url=https://web.archive.org/web/20251216031451/https://thehackernews.com/2025/07/microsoft-removes-password-management.html |archive-date=2025-12-16 |access-date=2026-03-12 |website=The Hacker News}}</ref><ref>{{Cite web |last=Watkins |first=Jessica |date=2025-06-13 |title=Microsoft Deleting Saved Passwords From Auth App |url=https://flamingltd.com/microsoft-deleting-saved-passwords-from-auth-app/ |url-status=live |archive-url=https://web.archive.org/web/20251205183620/https://flamingltd.com/microsoft-deleting-saved-passwords-from-auth-app/ |archive-date=2025-12-05 |access-date=2026-03-12 |website=Flaming}}</ref><ref>{{Cite web |last=Brinkmann |first=Martin |date=2025-05-05 |title=Microsoft removes Authenticator App feature to promote Microsoft Edge |url=https://www.ghacks.net/2025/05/05/microsoft-removes-authenticator-app-feature-to-promote-microsoft-edge/ |url-status=live |archive-url=https://web.archive.org/web/20251210071101/https://www.ghacks.net/2025/05/05/microsoft-removes-authenticator-app-feature-to-promote-microsoft-edge/ |archive-date=2025-12-10 |access-date=2026-03-12 |website=ghacks.net}}</ref> | ||
In June 2025, Microsoft Authenticator users were no longer be able to save new passwords in the app. Then in July 2025, autofill was removed and no longer available. And finally in August 2025, saved passwords were deleted in the Authenticator app.<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=2025-07-01 |title=Microsoft Removes Password Management from Authenticator App Starting August 2025 |url=https://thehackernews.com/2025/07/microsoft-removes-password-management.html |url-status=live |archive-url=https://web.archive.org/web/20251216031451/https://thehackernews.com/2025/07/microsoft-removes-password-management.html |archive-date=2025-12-16 |access-date=2026-03-12 |website= | |||
==See also== | ==See also== | ||
| Line 39: | Line 45: | ||
==References== | ==References== | ||
{{ | {{Reflist}} | ||
[[Category: | [[Category:Microsoft|Authenticator]] | ||