213
Can I refuse MS Authenticator?
(lemmy.ml)
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
For now.
The point is, the patterns in software security are pretty clear. People will keep finding ways around the authenticator, eventually someone will get their account compromised, and at some point it will get more restrictive.
It doesn't matter how it works now, because once it's normalized that this Microsoft app must be on your phone so you can work, and it must operate exactly as it wishes to, Microsoft will be able to start pushing more restrictions.
At a certain point, the device simply has to be verified as secure in and of itself before it can keep another device secure. Meaning your phone will be brought under your workplace's security policies.
What? No. This is complete hyperbole and speculation, and off at that too. Their Authenticator is used for personal accounts as well as managing 3rd party TOTP tokens. It’s no different than Google Authenticator, DUO Authenticator or Okta Authenticator. I could see that on a far end if they come out with a business only version, but given that everything is backed on their same platform it doesn’t behoove them to do that.