757
submitted 11 months ago by qaz@lemmy.world to c/memes@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] ComradePedro@lemmy.ml 47 points 11 months ago
[-] theo@lemmy.world 14 points 11 months ago

Unfortunately, Microsoft will often force their own 2FA app when logging in to 365.

[-] bdonvr@thelemmy.club 18 points 11 months ago

Not true, I've always used Authy.

[-] ParetoOptimalDev@lemmy.today 2 points 11 months ago

It became true in the past 6 months for me after always using Aegis.

[-] pineapplelover@lemm.ee 1 points 11 months ago

Unless your organization forces specifically microsoft authenticator, then yeah. However, for several schools, that's never been an issue, there should be an option to use a third party authenticator in small text.

[-] LemmyIsFantastic@lemmy.world 8 points 11 months ago

No they don't. That's a configuration setting.

[-] ParetoOptimalDev@lemmy.today 8 points 11 months ago

If your admins change the default away from Authenticator only they see bright red "MS 365 insecure" banners.

So... Its a dark pattern that technically allows other options.

[-] dayvid@lemmy.world 4 points 11 months ago

TOTP codes can be phished. Technically FIDO2 keys like Yubikeys are one of the only phishing-resistant authenticators out there now, because they’re tied to the official domain of the real site and won’t authenticate to a fake.

Passkeys are similarly phishing resistant, and Microsoft Authenticator will basically have passkey support added early this year. For now it’s actually not phishing resistant! Though it’s somewhat better than TOTP.

The issue is that phishing resistance is important but it doesn’t stop session stealing (someone getting ahold of the cookie on your computer that confirms you’re signed in and have done MFA). But it does make it harder to steal sessions because phishing resistance means attackers need to get it from your computer instead of intercepting a fake login.

Just a little technical backstory around why admins are needing to lock down auth methods in more ways as attacks become more sneaky and the more sophisticated attacks become automated and easier and thus more frequent.

[-] ParetoOptimalDev@lemmy.today 1 points 11 months ago

I would use a yubikey if Microsoft let me :)

Our admin tried allowing me to but there were errors.

[-] burgersc12@sh.itjust.works 10 points 11 months ago

Best one out there

[-] onlyfans@lemmy.world 2 points 11 months ago

Thank you, how about for iOS users?

[-] ComradePedro@lemmy.ml 2 points 11 months ago

~~Just switch to Android/AOSP lol~~ I've heard good things about Raivo Authenticator for Apple devices, although I've never used it myself.

[-] venji10@feddit.de 2 points 11 months ago

Buy a different phone.. Apple is terrible in so many ways

this post was submitted on 05 Jan 2024
757 points (98.5% liked)

Memes

45895 readers
1151 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS