this post was submitted on 05 Jan 2024
0 points (NaN% liked)

Memes

45158 readers
2888 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
gary_host_laptop@lemmy.ml
sexy_peach@feddit.de
cyclohexane@lemmy.ml
cypherpunks@lemmy.ml
0
Recursive authentication (lemmy.world)
submitted 8 months ago by qaz@lemmy.world to c/memes@lemmy.ml
6 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] CoopaLoopa@lemmy.dbzer0.com 0 points 8 months ago (1 children)

This is specifically an issue with corporate M365 accounts when a user tries to migrate to a new phone without access to the old phone where the authenticator was setup.

Personal MS accounts can backup their auth secret keys to cloud storage, and when signing in on a new device, it authenticates you with your cloud storage (Google/Apple) and properly restores your MS Authenticator app.

The issue is that while MS says you can backup your corporate M365 accounts in MS Authenticator, it doesnt actually store the secret key, so it's useless.

Have your administrator enable TAP (Temporary Access Passwords) on the tenant. Then an M365 admin can create a TAP for your account that lets you login without a password/2FA. You can use the TAP to login and rejoin MS Authenticator app. The TAP expires in 1 hour by default.

[โ€“] agressivelyPassive@feddit.de 0 points 8 months ago

MS auth also supports SMS via phone number. That's a whole new level of insecure, but lets you migrate to a new phone rather easily.

I'm 90% sure, all that 2FA crap is a sham anyway.