• CoopaLoopa@lemmy.dbzer0.com · 18 points · 11 months ago

    This is specifically an issue with corporate M365 accounts when a user tries to migrate to a new phone without access to the old phone where the authenticator was setup.

    Personal MS accounts can back up their auth secret keys to cloud storage, and when signing in on a new device, it authenticates you with your cloud storage (Google/Apple) and properly restores your MS Authenticator app.

    The issue is that while MS says you can back up your corporate M365 accounts in MS Authenticator, it doesn't actually store the secret key, so it's useless.

    Have your administrator enable TAP (Temporary Access Passwords) on the tenant. Then an M365 admin can create a TAP for your account that lets you log in without a password/2FA. You can use the TAP to log in and rejoin the MS Authenticator app. The TAP expires in 1 hour by default.
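The admin side of the recovery flow described in the comment above, as an added example that is not part of the original thread or of any Microsoft documentation: it uses the Microsoft Graph PowerShell SDK to turn the Temporary Access Pass method on in the tenant's authentication method policy and then mint a short-lived, single-use pass for one user. The tenant, the user principal name `alice@contoso.example` and the lifetime values are assumptions for illustration; the cmdlet names are the SDK's own.

```powershell
# Added example (not from the thread). Assumes an account holding the
# Authentication Policy Administrator and Authentication Administrator
# roles and the Microsoft.Graph PowerShell SDK installed.

Connect-MgGraph -Scopes "Policy.ReadWrite.AuthenticationMethod",
                        "UserAuthenticationMethod.ReadWrite.All"

# 1. Enable Temporary Access Pass in the tenant's authentication method
#    policy. Scoped to all users here; a helpdesk-only group is the
#    tighter choice in a real tenant.
$tapPolicy = @{
    "@odata.type"            = "#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration"
    state                    = "enabled"
    defaultLifetimeInMinutes = 60      # the 1 hour default the comment refers to
    minimumLifetimeInMinutes = 10
    maximumLifetimeInMinutes = 480
    defaultLength            = 8
    isUsableOnce             = $false  # per-pass setting below overrides this
    includeTargets           = @(
        @{ targetType = "group"; id = "all_users"; isRegistrationRequired = $false }
    )
}
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration `
    -AuthenticationMethodConfigurationId "TemporaryAccessPass" `
    -BodyParameter $tapPolicy

# 2. Issue a pass for the user who lost the phone. Assumed UPN.
#    One-time use and a short lifetime limit the window in which a
#    leaked pass is worth anything; identity of the requester should be
#    verified out of band before this step.
$upn = "alice@contoso.example"
$tap = New-MgUserAuthenticationTemporaryAccessPassMethod `
    -UserId $upn `
    -LifetimeInMinutes 60 `
    -IsUsableOnce:$true

# The pass value is returned exactly once; it cannot be read back later.
Write-Output "TAP for $upn (valid $($tap.LifetimeInMinutes) min, single use): $($tap.TemporaryAccessPass)"

# 3. Revoke early if the user has finished re-registering Authenticator,
#    or if the pass went to the wrong person.
Remove-MgUserAuthenticationTemporaryAccessPassMethod `
    -UserId $upn `
    -TemporaryAccessPassAuthenticationMethodId $tap.Id
```

On the user side, the pass is entered instead of the password at sign-in; because TAP counts as a strong method, the session satisfies the MFA requirement and the user can add Authenticator again from the security info page without the old phone. Deleting the pass afterwards (step 3) is what stops an unused one from lingering until it expires.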

    • spiffy_spaceman@lemmy.world · 3 points · 11 months ago

      I’m in this particular loop at work where I don’t want and don’t really need an account, so I’m going to pretend I didn’t see this and if you could ensure that IT doesn’t see this, that’d be great, thanks.

    • qaz@lemmy.world (OP) · 7 up, 1 down · 11 months ago

      You’d think such an important application would be properly tested, right?

  • afraid_of_zombies@lemmy.world · 6 points · 11 months ago

    One day authentication of new users will be impossible and the only way to get on will be to purchase it from someone who already has it. Entire companies will run on a single account they bought for millions of dollars. News stories will run of vengeful or negligent employees bricking the one corporate account, until a cartel of business owners attempts to corner the market.

    • qaz@lemmy.world (OP) · 1 point · 11 months ago

      Interesting, do you happen to know which configuration item causes this?

      • LemmyIsFantastic@lemmy.world · 4 up, 1 down · 11 months ago

        The one that forces you only to use ‘passwordless’ logins or forces that MFA challenge. Your admins had a choice on what they allow.

  • _lilith@lemmy.world · 2 points · 11 months ago

    People run into this for company MFA not realizing that their IT can enable new account setups. If it's a personal account you already have a device set up, so I hope you didn't yeet it into the ocean or you really are screwed.

  • Andrew@mander.xyz · 2 up, 1 down · edited · 11 months ago

    Wait, is this really possible? With Steam you will still be able to access TOTP in the mobile app if you need to log in to the same app, at least that's how it worked.

    I mean, there are probably one-time passwords that go with some accounts when using 2FA. But I don't care about Microsoft accounts either way.

    • qaz@lemmy.world (OP) · 3 points · 11 months ago

      Yeah, I already went to IT several times to ask them to forcibly reset it. I’m WFH now, so I’ll have to pay them another visit on Monday.

  • Yash Raj@lemmy.ml · 2 up, 2 down · 11 months ago

    Same thing with Proton Pass. How will I log in to Proton Pass if I save my Proton Mail password in it?

    • arden@lemmy.world · 5 points · 11 months ago

      Why would you store your password manager’s password in your password manager??? That’s like putting a safe’s key into the safe