This is specifically an issue with corporate M365 accounts when a user tries to migrate to a new phone without access to the old phone where the authenticator was setup.
Personal MS accounts can backup their auth secret keys to cloud storage, and when signing in on a new device, it authenticates you with your cloud storage (Google/Apple) and properly restores your MS Authenticator app.
The issue is that while MS says you can backup your corporate M365 accounts in MS Authenticator, it doesnt actually store the secret key, so it’s useless.
Have your administrator enable TAP (Temporary Access Passwords) on the tenant. Then an M365 admin can create a TAP for your account that lets you login without a password/2FA. You can use the TAP to login and rejoin MS Authenticator app. The TAP expires in 1 hour by default.
Aegis Authenticator is the best 🏆
Thank you, how about for iOS users?
Just switch to Android/AOSP lolI’ve heard good things about Raivo Authenticator for Apple devices, although I’ve never used it myself.
Best one out there
Fun fact: when my country transitioned to a new public authentication app, the default way was to use your passport to register. My passport was expired, though, so I had to show up in person with my birth certificate and social security card equivalent.
To get my birth certificate, I had to show up at the local office with, you guessed it, my passport.
Lucky for me that they accepted it in spite of being expired (none of the pertinent information such as my face, name and birth date had expired, after all), or I would probably be trapped in the loop to this day, years later.
Ohh, that reminds me of when I moved to Sweden. Their digital ID, bankID, is as the name suggests issued by your bank, not the government, even though it is used for all official authentication. And that includes… you guessed it, creating a bank account. So that was a real chicken and egg situation where it seemed impossible to be properly integrated into the Swedish system.
Why do y’all in Europe have your bank manage your legal ID? Seems a bit backwards
We don’t. We show banks picture ID to prove that we are who we say we are. That picture ID is usually our passport or driver’s license, neither of which is managed by the bank.
Hi neighbor! waves across Øresund
Yeah, I’m a big fan of Scandinavian style government (unlike the current governments of both of our countries, it would seem) in general, but sometimes the bureaucracy can get a little bit ridiculous 😂
I think you have the situation everywhere. At one time in France they ask you for your bank account details to see that you have funds so that they give an ID. But the bank will refuse to open you an account without an ID. So it will depend on the agent handling your request.
Wait, is this really possible? With Steam you still will be able to access TOPT in the mobile app if you need to log in the same app, at least that’s how it worked.
I mean, there are probably one time passwords that go with some of accounts when using F2A. But I don’t care about Microsoft account either way.
I have found that Microsoft has the worst authentication on the planet. From weird, nightmarish loops and processes, to non propagated password changes. Not talking about having multiple accounts etc…
The worst of the worst for me was Atlassian login with Microsoft SSO
PSA, don’t use Microsoft authenticator. It’s easy to accidentally wipe your cloud backup and lose all your authenticator codes when switching devices
Can you provide more info how it’s easy to accidentally wipe? I’ve only done a transfer once, but it was by installing authenticator on the new phone and logging in, then deleting the other one on the old phone after testing that the codes work.
You have to begin the recovery on the new device before logging in. If you log in normally and enable cloud backup on the new device, it will simply overwrite the existing backup with a new empty one
Cooperate forces me.
I think you can use standard TOTP regardless if you add TOTP as an option in the authentication methods on your account page. At least I did and the system has yet to complain.
Same thing with proton pass. How will i login to proton pass if i save my proton mail password in it.
∞-FA
I had this exact problem when I had to install this. Ridiculous
Anyone else hate Microsoft forcing you to use Authenticator rather than alternatives?
Just another way I’m forced to install Microsoft crap on my devices :/
I have 2FA through Authy on my Microsoft account.
It’s been a long time since I set it up, but I have Microsoft accounts in my usual TOTP app (Aegis). Maybe I did it manually? But it’s definitely possible.
You can work around it to use your own 2FA app.
Did it with my O365 account.
That sort of risk is one major reason I stopped using MS Auth and went through the painstaking process of manually switching all of my accounts to a FOSS authenticator (Aegis Auth) instead.
I got FreeOTP from F-droid. Works like a charm.
I recommend Aegis, but I guess it’s a matter of taste
Aegis here
Secur user checking in
