• 0 Posts
  • 12 Comments
Joined 11 months ago
cake
Cake day: December 23rd, 2023

help-circle
  • It will be easier to hackers to hack 2FA when they know what the authenticator app is, versus hundreds of different authenticator clients.

    Security through obscurity is not security.

    Additionally, any method that generates a code locally that needs to match the server will not be secure if you can extract the key used locally. Yes you can argue that more users makes a juicier target, but I’d argue that Microsoft has the resources spend reducing the chance of an exploit and the resources to fix it fairly quickly. Much more so than any brand new team.

    The default authentication option for the company I work for is that a code is displayed in the screen of the device I’m logging into AND a push notification is sent to the Authenticator app, the app then prompts me to enter the code from authenticating device. To break that you’d need the username, password, a clone of the phone/device used to authenticate (or the original), and the user’s PIN for that device (MS Authenticator requires this to complete the authentication.)

    Yes MS Authentication services do sometimes go down, and yea it can impact my ability to work

    I am by no means a MS fanatic, but I’d trust them for mission critical authentication over something like Authy.