this post was submitted on 05 Jan 2024
753 points (98.5% liked)

Memes

45540 readers
209 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 36 points 10 months ago (7 children)

PSA, don't use Microsoft authenticator. It's easy to accidentally wipe your cloud backup and lose all your authenticator codes when switching devices

[–] [email protected] 11 points 10 months ago (1 children)
[–] [email protected] 5 points 10 months ago (1 children)

I think you can use standard TOTP regardless if you add TOTP as an option in the authentication methods on your account page. At least I did and the system has yet to complain.

[–] [email protected] 4 points 10 months ago (1 children)

Nope, IT can disable third-party TOTP services, and force all employees to use the official MS Authenticator app.

[–] [email protected] 1 points 10 months ago

Sounds like a antitrust violation imo. (Not based in knowledge of laws). In the future I hope to work in a co-op, non-profit, foss or privacy oriented bussiness or whatever. Just something I believe is beneficial to our future and not detrimental. Don't care if I lose potential wages or job security.

Just the standard run of the mill tech company for a private owner idealizing infinite growth for investors and making software that tries taking advantage of the user or even required to use such? Not for me. (I don't need perfection just want improvent)

[–] [email protected] 9 points 10 months ago* (last edited 10 months ago) (1 children)

Is there actually any way to export the secrets from MS authenticator? I've been wanting to move them to something like bitwarden but it's gonna take ages if I have to reset all ~50

[–] [email protected] 3 points 10 months ago (1 children)

They provide "Cloud Backups".

Take the time, move them 5 a day. Better than loosing them forever

[–] [email protected] 1 points 10 months ago

Yeah I suppose that's the best solution, I'm just a little impatient lol

[–] [email protected] 4 points 10 months ago (1 children)

Can you provide more info how it’s easy to accidentally wipe? I’ve only done a transfer once, but it was by installing authenticator on the new phone and logging in, then deleting the other one on the old phone after testing that the codes work.

[–] [email protected] 8 points 10 months ago (1 children)

You have to begin the recovery on the new device before logging in. If you log in normally and enable cloud backup on the new device, it will simply overwrite the existing backup with a new empty one

[–] [email protected] 4 points 10 months ago

That design is awful

[–] [email protected] 3 points 10 months ago (2 children)

Yes, and while you can move it phone to phone on iOS, you cannot on Android. So stupid.

If you are forced to use it by your company just use it for that email, nothing else. Use something like authy instead.

[–] [email protected] 3 points 10 months ago

If your company forced you to use mobile authentication, they should also be providing you with a device on the company plan at no cost to the employee.

In which case you should absolutely use MS Auth and give them all your delicious work data because nothing personal should be on the device anyway.

[–] [email protected] 2 points 10 months ago

Authy requires a phone number last I checked & is a part of a for-profit entity. TOTP management is a simple task so there is no reason not to be using something open source.

[–] [email protected] 3 points 10 months ago

Don't worry, I'm going to keep using Bitwarden for my personal accounts.

[–] [email protected] 1 points 10 months ago

Somehow I don't think there's much risk of anyone doing it willingly...

[–] [email protected] 1 points 10 months ago

Learnt that the hard way