Microsoft Authenticator app adds phone sign-in option, skips the password

[Jos]

Remembering different passwords for dozens of online services can be quite a chore, but reusing the same on all of them is a huge detriment to your digital security. That’s why password managers exist and why some companies are trying to figure out ways to bypass passwords altogether. Through a new phone sign-in feature on its Authenticator apps on iOS and Android Microsoft is taking a shot at the latter.

The new feature has been available for some time as part of a 'soft launch', but the company has now announced that it is 'generally available' for all users to enjoy.

If you already use the Microsoft Authenticator app for your personal account, select the dropdown button on your account tile, and choose Enable phone sign-in. Once enabled, trying to log into your Microsoft account with prompt a notification on your phone. From there, you can tap "Approve" or "Deny" to allow or reject the login, essentially eliminating the need to enter a password altogether.

Ironically, the feature doesn’t work with the Windows version of Microsoft’s Authenticator app. As Microsoft's Alex Simons explaines, “Windows Phone makes up <5% of the active users of our Authenticator Apps so we have prioritized getting this working with iOS and Android for now. If/When it becomes a big success on those high scale platforms, we will evaluate adding support for Windows.”

You can always choose to use your password to sign in if you’ve forgotten your phone or your battery died. This is essentially two-factor authentication made a bit easier and more convenient.

Permalink to story.

https://www.techspot.com/news/69013-microsoft-authenticator-app-adds-phone-sign-option-skips.html

 

[MoeJoe]

So much deafening silence with respect to the Windows Phone world.

 

[oldikes]

Its no longer two factor verification..."two factor" = two methods of verification

 

[Kibaruk]

After trying Google's solution, I'm more than happy with this.

Its no longer two factor verification..."two factor" = two methods of verification

I think it is two factor, first you need to input your password on the Microsoft login, then second factor you approve on your phone (This is how Google does it, I might be wrong I haven't tried it). Even if it was 1 step, it would still be much MUCH safer than a password.

So much deafening silence with respect to the Windows Phone world.

Super on topic, as usual.

 

[oldikes]

I think it is two factor, first you need to input your password on the Microsoft login, then second factor you approve on your phone (This is how Google does it, I might be wrong I haven't tried it). Even if it was 1 step, it would still be much MUCH safer than a password.

yea I misread it, ive been using the authenticator app for months so I assumed it was already a public feature, and I read this as logging in with just the authetnticator and no password.

EDIT: actually I cant tell, but if it is just the app, its hardly much safer than the password IMO.

 

[Teko03]

Wouldn't recommend this without either a pass code or finger print lock to protect your phone, otherwise anyone with access to your phone as access to all of your Microsoft accounts. Plus this keeps it a "two factor authentication".

 

[Uncle Al]

Here's a dumb question. If you are using your phone number in lue of a password, once it gets hacked (and we know eventually it will) aren't you opening an entire new aspect of hacking and just plain annoying problems?

 

[Kibaruk]

Here's a dumb question. If you are using your phone number in lue of a password, once it gets hacked (and we know eventually it will) aren't you opening an entire new aspect of hacking and just plain annoying problems?

Yes and no, depending on how simple your password is and if someone with ill intention can get to your phone (Because it's not depending on your phone number but your phone as OS, with it's configuration files and so on).

EDIT: actually I cant tell, but if it is just the app, its hardly much safer than the password IMO.

It is much safer, someone would have to have physical access to your phone in order to hack you. While, your password can be taken in one of multiple ways from phishing to brute force cracking. In my book, if you don't protect your phone more than a password then you are screwed either way, someone with physical access to your phone can simply get a text to reset passwords, or get sent an email with reset link and so on.

 

[DelJo63]

Security BEGINS with physically controlling access. Once you loose control of the device, all bets are off.