this post was submitted on 03 Jul 2026
217 points (98.7% liked)

Technology

6986 readers
423 users here now

News community around technology, social media platforms, information technology and governmental policy surrounding it.

What doesn't fit here?

The core of the story has to be technology focused.


Post guidelines

Title formatPost title should mirror the news source title. If you don't like the title of article, look for an alternative source instead of editorializing it.
URL formatPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
[Opinion] prefixOpinion (op-ed) articles must use [Opinion] prefix before the title. Opinion articles refer to articles that their publisher doesn't explictly endorse.
Country prefixCountry prefix can be added to the title with a separator (|, :, etc.) if the news is from a local publisher who doesn't clearly mention the country.


Rules

1. English onlyTitle and associated content has to be in English.
2. Use original linkPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communicationAll communication has to be respectful of differing opinions, viewpoints, and experiences.
4. InclusivityEveryone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacksAny kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangentsStay on topic. Keep it relevant.
7. Instance rules may applyIf something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.


Companion communities

!globalnews@lemmy.zip
!interestingshare@lemmy.zip


Icon attribution | Banner attribution


If someone is interested in moderating this community, message @brikox@lemmy.zip.

founded 2 years ago
MODERATORS
 

Microsoft warns Authenticator will block rooted Android and jailbroken iOS, verify if your phone is affected.

you are viewing a single comment's thread
view the rest of the comments
[–] Wizard_Pope@lemmy.world 67 points 1 day ago* (last edited 1 day ago) (8 children)

Why would you use microsoft Authenticator anyway? There are other options

[–] richardwallass@sh.itjust.works 3 points 4 hours ago (1 children)

When you are using your phone for your work you don't really have the choice.

[–] Wizard_Pope@lemmy.world 2 points 2 hours ago

If it's work provided sure. But if its your own device then fuck them, not installing that shit on my own device. Provide one for me

[–] BCsven@lemmy.ca 3 points 7 hours ago

I had a yubikey as my hardware authentication, then a coworkers email got hacked so IT moved us all to Microsoft authenticator, so now I have a less secure login method LOL

[–] ThunderLegend@sh.itjust.works 6 points 13 hours ago (2 children)

I had to use it for my work. They required MS authenticator. I think it's bullshit and tried to export my 2fa to bitwarden. I couldn't. And to add another 2fa .method I need to call support so I gave it up

[–] 79WistfulVista@lemmy.zip 2 points 6 hours ago* (last edited 6 hours ago) (1 children)

They don't let you use https://mysignins.microsoft.com/ to replace/add MFA methods? That site was very useful at my last employer, as I was switching phones often.

[–] baatliwala@lemmy.world 2 points 3 hours ago

Guessing IT can mandate which MFA options are available for users to choose

[–] blargh513@sh.itjust.works 14 points 18 hours ago

Some organizations require authenticator; they don't just use it for MFA codes, it's goes deeper than that.

Also, most large enterprise fall for the stupid Microsoft trap. They buy enterpise licensing in bulk (E3, E5, whatever) and bosses who have no brains will say "well, let's use more microsoft products since they're 'free'". The trap is that, yes, your enterprise license agreement includes entitlements to a lot of their stuff, but they nickle and dime you on stupid shit like the storage so you can keep the logging and telemetry data you typically need for security, troubleshooting and some audit requirements.

I can't imagine ever using any of their shit beyond Office products. Their security software is crap compared to most offerings, they still seem to think that networks are bad so we should do as little as possible about them. Azure is just a completely uncontrollable money drain (by design) that is damn near impossible to secure properly once you give developers enough access to actually do their jobs.

I've been working in security for a long time now and they continue to be such a fucking liability and drain on money at every turn. If I ran the zoo, I would switch the entire enteprise to Linux and find just about any other collaboration suite to use.

Fuck Excel and fuck you if all you do with it is make lists. Fuck powerpoint and fuck every boss who is too dumb to read and only can accept information when it is spoon fed to them in a deck. Word is OK, but nobody reads anymore so what's the point?

[–] skooma_king@piefed.social 59 points 1 day ago (4 children)
[–] Korhaka@sopuli.xyz 13 points 1 day ago* (last edited 1 day ago)

I don't really mind using shit software on work devices. Yes it's slow and inefficient, I spent half an hour today on Windows doing what would be a very short command on Linux. Fuck it, get paid the same. I just use Linux at home in my own time.

I'll point out better software exists. If I don't get support in changing it or allowed to change it, fuck it. It's on them at that point.

[–] Wizard_Pope@lemmy.world 4 points 1 day ago (4 children)

You can use other authenticators. I use ente auth for my microsoft account

[–] tostiman@sh.itjust.works 4 points 9 hours ago

My work MS account requires MS authenticator specifically, can't use another 2fa app

[–] fatalicus@lemmy.world 2 points 15 hours ago

Only if the company supports OTP methods for Entra login (logging in to M365 account).

But I'd say most don't anymore, as there has been a push towards Microsoft Authenticators push-method for a while (where the website/app shows a number and you have to type it in to the authenticator), as it is a slightly safer method than OTP, and can be used passwordless.

It also made people ready for passkeys, as the authenticator supports easy activation off passkey on accounts that are saved with push-method (you pretty much just click a button in the app), and authenticator is easy to set up on the admin side if you require device bound and attestation for passkey.

[–] atrielienz@lemmy.world 16 points 1 day ago (2 children)

I can't. The authenticator for my job was set up on my work device by my IT department.

[–] OwOarchist@pawb.social 2 points 1 day ago (1 children)

If your work requires you to have a Microsoft Authenticator-compatible device, they should provide you with one.

[–] atrielienz@lemmy.world 7 points 20 hours ago (1 children)

set up on my work device by my IT department.

[–] Arcka@midwest.social 5 points 15 hours ago (1 children)

Which would never be rooted or jailbroken in the first place so why even bring it up in this this context?

[–] whatyousaidontwitter@sh.itjust.works 2 points 12 hours ago (1 children)

Why would you use microsoft Authenticator anyway? There are other options

[–] atrielienz@lemmy.world 3 points 9 hours ago (1 children)

Because I also have my normal phone as a backup for this purpose in case out in the field something happens to my work phone. And my personal phone is rooted.

Oh yeah I get it, I was mostly answering the "why bring it up", since this whole chain of comments started because of the comment I quoted.

[–] Wizard_Pope@lemmy.world 2 points 1 day ago (1 children)

Sucks to have that. Have you tried asking IT if you could use a different one?

[–] atrielienz@lemmy.world 3 points 20 hours ago (1 children)

The main problem as I see it is if I have to download authenticator onto my personal device because something has happened to my work device. That's the only way I could see this being a problem since I use Graphene OS on my personal phone. Even then I would probably just use the authenticator on my work computer rather than going to that trouble.

[–] mereo@piefed.ca 4 points 12 hours ago (1 children)

That sucks. I refused so they gave me a Yubikey instead.

[–] atrielienz@lemmy.world 2 points 9 hours ago

I have a yubikey (two actually, one from a previous employer). New company won't actually let me use it.

[–] skooma_king@piefed.social 6 points 22 hours ago

Depends on how your M365 tenant is configured. Both conditional access policies and authentication strengths can enforce the requirement

[–] timewarp@lemmy.world -4 points 22 hours ago (1 children)

Then stop working for retards who support Nazis

[–] fyzzlefry@retrolemmy.com 3 points 17 hours ago

I like the energy. But you took that from a 4 to a 10 fast.

[–] artyom@piefed.social -3 points 1 day ago (3 children)

You don't need it for work. You can use any authenticator.

[–] ramble81@lemmy.zip 36 points 1 day ago (2 children)

It depends…. Your company IT department can choose what types of 2FA are available to use and Microsoft Authenticator is separate from OTP and other methods, and it is possible to restrict them.

That’s also yet another reason why I force the issue of a company phone as part of my equipment to do my job.

[–] halcyoncmdr@piefed.social 3 points 15 hours ago* (last edited 15 hours ago)

Work isn't an excuse unless your work is trying to cut corners by having you use your personal phone instead of providing a work one. In which case they deserve to be taught this lesson for being cheap as fuck.

Your IT should be issuing you a phone handled by MDM, which should be locked down and not allow you to use a rooted or jailbroken device anyway.

[–] baines@lemmy.cafe 9 points 21 hours ago* (last edited 21 hours ago)

my company IT can provide a phone

no work software is ever touching a personal phone

and work phones get shut off at closing

[–] scytale@piefed.zip 5 points 19 hours ago (2 children)

IIRC if you use M365 (i.e. Outlook), you can only use their authenticator app for MFA. Happy to be corrected though.

[–] EnsignWashout@startrek.website 1 points 8 hours ago

Aegis works fine, as long as your organization allows standards compliant authenticators.

[–] Vittelius@feddit.org 3 points 14 hours ago

M365 can be used with other 2fa apps. But organisations can force the use of Microsoft Authenticator

[–] swicano@programming.dev 13 points 1 day ago

Nope, the Microsoft authenticator is slightly different, and other authenticators won't work. I just went through this with my IT dep. Microsoft authenticator will sometimes pop the numbers up on the computer and make you enter it in the app, not the other way around.

[–] Prove_your_argument@piefed.social 3 points 1 day ago* (last edited 1 day ago)

This change is really more about enterprise use cases. If you take DLP seriously you need to make sure the integrity of the controls on work provided devices are intact. Authenticator isn't managed by intune since users could use it for many things.

Nothing stops someone taking a photo of another screen. It's not a panacea. It's just one more hurdle.

[–] lyralycan@sh.itjust.works 2 points 1 day ago* (last edited 1 day ago)

Yup, I use Aegis, and found a strange little trick with Bitwarden Authenticator where I can import them into the main app (the Vaultwarden server). I know keeping all my power in one place defeats the purpose of 2FA but you know, I trust Vaultwarden, and myself to keep it secure, implicitly.

[–] Tollana1234567@lemmy.today 0 points 18 hours ago (1 children)

people likely using workday as for a job probably, or any app that uses MS.

[–] AlecSadler@lemmy.dbzer0.com 1 points 16 hours ago

Ugh, fuck workday