9/4/2023 0 Comments Ms auth appThe implication is that if a user’s device ends up running a rogue app, that app can capture the initial OTP seed (if entered manually), the initial username and password for MFA, as well as all generated OTP codes as they are shown by the app, and thus break two factor authentication. This is true for setting up the OTP with a manual seed, viewing generated OTP codes, and entering a username + password when setting up Azure MFA. However, it looks like that the application still allows screenshots to be taken. The second mode allows a user to register with Azure’s Multi-Factor Authentication (MFA) service, and allows users to authenticate by tapping a prompt on their phone instead of entering an OTP code (similar to Google Prompt). This application operates in two modes – one allows to generate standard OTP codes like many other apps (Google Authenticator, Authy, etc). Microsoft offers an application for Android called “ Microsoft Authenticator” which is used to setup two-factor authentication (2FA).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |