I already have an authenticator app. If some service wants to force me to install their own app for their login, they are indeed welcome to fuck off.
Comment on MFA
Thrydwulf@lemmy.today 8 months ago
Wait, can you eli5 why multifactor authentication (MFA) (and maybe also 2-factor authentication apps) is “fuck off” levels?
Is it privacy concerns or something bigger like more points of failure for overall security? Or smaller like not everyone has/wants a smart phone?
Bezier@suppo.fi 8 months ago
cley_faye@lemmy.world 8 months ago
Standard authenticators (software or hardware) are, well, standard. You can pick anything compliant and use it with any compliant service. Requiring a specific app means that you have to install yet another app, which may or may not be well made, and may or may not snoop on you, and usually will only work with one service, assuming you have a compatible device to run it to begin with.
It’s more than an inconvenience; not insurmountable, but way more work than just having a standard thing that works perfectly well and is based on known and proven algorithms.
FrostyPolicy@suppo.fi 8 months ago
If I read it correctly the “fuck off” level refers to some proprietary app for the selected login. The other two are standard code app and yubikey.
jodanlime@midwest.social 8 months ago
This is also how I read the meme. Codes are fine, tokens are fine. Your proprietary spyware app is NOT fine (Microsoft) and I hope you get fucked.
ilinamorato@lemmy.world 8 months ago
Microsoft login works just fine with any TOTP app, like Aegis. They just heavily push you toward their app.
Randelung@lemmy.world 8 months ago
Unless your company doesn’t know wtf they’re doing and it just doesn’t work.
mvmike@lemmy.ml 8 months ago
Depends on how it’s configured by the company. I’ve faced in the past the situation of having to log in with the company email to be able to use the MFA with a proprietary app, which meant I needed to enroll into the BYOD policy and it includes remote device management.
Ended up installing an emulator in the work laptop just for that purpose and left the company shortly after.
eager_eagle@lemmy.world 8 months ago
MS is fine, your average bank or broker institution though… when it’s not SMS, chances are it’s an “in-house” solution
HeartyBeast@kbin.social 8 months ago
You talking about MS authenticator? In what way is that proprietary or spyware?
mark3748@sh.itjust.works 8 months ago
They offer other options for Microsoft accounts. Using it as a normal TOTP app is the same as any other Authenticator app.
It’s most likely the number matching requirement that the other person doesn’t like, or their employer has a policy that’s annoying.
MystikIncarnate@lemmy.ca 8 months ago
Yeah, I’ve seen that prompt at least 50 times by now. There’s almost always a button to use a different authenticator app, which shifts the code to be TOTP compliant.
I don’t think I’ve ever seen that button not be there.
To be fair, the MS authenticator app is also useful as a totp app, so it’s not all bad. I mean, I don’t use it, but it’s not all bad.
Your company (assuming this is for ms365) can also enable FIDO2, so yubikeys are also possible, but they’re not enabled by default, so your 365 admin needs to go press a button to allow that for you. MS even supports passkey for passwordless login. But again, not enabled by default. Fun fact: Windows 10/11 also support all of this but if you’re on an active directory domain… You guessed it, it’s not enabled by default.
To their credit, Microsoft has made some pretty significant strides in account security in recent years. It’s pretty impressive; though requiring a TPM for desktop Windows (especially the “home” versions) still makes me raise an eyebrow. Overall it should help with security… But a hard requirement? Okay Microsoft. If you say so.
cm0002@lemmy.world 8 months ago
I was reading it as “it never fucking works right” LMAO