Transcript

A wafrn woot (post) by @tinker@infosec.exchange saying “Microsoft Authenticator needs me to validate with Authenticator in order to log in with Authenticator to use it to authenticate another app with Authenticator. Here is the app telling me to open itself to validate itself with itself. #infosec #iHateComputers”. It has a screenshot showing the Microsoft Authenticator app.

  • Tash@lemmy.world
    1 month ago

    Pretty sure you have another device registered with Authenticator here, and it is asking you to verify against that.

    It would be bad if somebody could just steal your username/password and then register their own MFA, right?

    • ByteWelder@feddit.nl
      1 month ago

      This happens when your Microsoft account password is externally managed by your employer. If the password is changed externally, then Authenticator needs to re-authenticate… with itself.

  • BlessedDog@lemmy.world
    1 month ago

    Currently doing an internship at an establishment with 1300+ users using Microsoft Authenticator (required by policy). The amount of times I’ve had this same issue is insane. Worst part is, when we provision someone with a new company phone, they have to go to the Google Play Store to download Microsoft Authenticator. The Play Store, however, requires a Google login to download apps, but the users cannot log in to their company Google account without Authenticator, creating a circular dependency. This unintentionally means every employee HAS to have a personal Google account to set up their company Google account… Stupid as hell.

  • Broadfern@lemmy.world
    1 month ago

    This is why I hate passkeys and authenticators (as mandatory requirements). The moment I lose my phone I’m just completely fucked with no recourse, in actual use case.

    • TrickDacy@lemmy.world
      1 month ago

      Yeah I had a beautiful moment trying to use Google’s find my phone feature in another country when it asked me to use MFA on…my fucking phone. Turned off Google MFA forever after that near nightmare. Luckily another kind tourist found and turned in my phone to the nearest worker at the place I was visiting.

      • hdnsmbt@lemmy.world
        1 month ago

        Yeah, I also had a beautiful moment trying to use Google’s find my phone feature in another country when I didn’t know my password. Used “password123” after that near nightmare.

        Security works best when it’s really easy to get into my account even though I don’t remember my credentials.

        • TrickDacy@lemmy.world
          1 month ago

          No, the best system is if you try to find your phone without having your phone, a cybernetic lifeform should track you down and rip your spine out for trying to find your phone. Then some dipshit on the Internet without a shred of humanity can feel smugly superior about it.

          • hdnsmbt@lemmy.world
            1 month ago

            some dipshit on the Internet without a shred of humanity

            Fuck right off, buddy. You confessed to making dumb security choices on the internet and got mocked for it, yeah. This has nothing to do with “oh the humanity!”