Microsoft is taking a shot at passwords with its latest feature for the Microsoft Authenticator apps on iOS and Android. Rolling out now for all Microsoft accounts, phone sign-in will let you approve a login for from your phone with a single tap.
Once enabled for your account, trying to log into your Microsoft account with prompt a notification on your phone. From there, you can tap "Approve" or "Deny" to allow or reject the login. This essentially eliminates the need to enter a password when attempting to log in, using physical access to your phone for security instead.
Here's how to set things up, from Microsoft (via MSPU):
- If you already use the Microsoft Authenticator for your personal account, select the dropdown button on your account tile, and choose Enable phone sign-in.
- If you are adding a new account on an Android phone, we'll automatically prompt you to set it up.
- If you are adding a new account on an iPhone, and we'll automatically set it up for you by default.
Ultimately, this should be easier to use than the usual two-step verification. Despite not needing a password, logging in still requires a second, physical element that is locked down by either a PIN or fingerprint.
Again, this currently only applies to the Microsoft Authenticator apps on Android and iOS, which you can snag from Google Play and the App Store now.
Updated April 19, 2017: In a further update to its announcement, Microsoft noted that is focusing on iOS and Android first, but it will evaluate adding phone sign-in support to the Microsoft Authenticator apps on Windows Phone in the future:
A few people have asked if this works with Windows Phone version Microsoft Authenticator. Windows Phone makes up <5% of the active users of our Authenticator Apps so we have prioritized getting this working with iOS and Android for now. If/When it becomes a big success on those high scale platforms, we will evaluate adding support for Windows Phone.
Reader comments
Microsoft Authenticator adds phone sign-in support for all Microsoft accounts
Note - that update has since been updated.
[Update 4/18/17 3:08pm Pacific: A few people have asked if this works with Windows Phone version Microsoft Authenticator. This app is designed for iOS and Android. We work directly with the Windows on native integration of rich authentication experiences within Windows and Windows roadmap is communicated separately.]
Wonder if the author had his wrists slapped for playing down Windows Mobile.
Anyway, don't we have a better solution with being able to lock/unlock the PC just with the phone being nearby?
Trying to remember what that was called - it's an article on here somewhere...
I think the idea of 1FA tap to allow is stupid anyway. I use the newer Authenticator app. Enter my username/pass on the site, then click the approve button on my phone, which is version of 2FA and just as good as the typing a code for the 2FA. Now days it just seams wrong not to use 2FA. By using 1FA it allows people to get into your accounts so much easier.
On a side note, that is why I think Banking sites should require 2FA, but most of them do not even give you an option to turn it on.
Holy cow. That last quote makes me so angry
We all should be angry yet there are some WSheep around here who r blind to the obvious.
"evaluate adding support for Windows Phone" Excuse me??? To top off this angst, I just realized that I've been using some legacy Authenticator app...hehe...wow *smh* Barely downloading the "new" Microsoft Authenticator app...guess I've been missing out on the notifications, but the new update mentioned in the blog post about bypassing typing a password sounds very enticing...just wish it wasn't something that Microsoft itself couldn't quickly "evaluate" that their own platform deserves the update as well.
Frankly, I ask myself why we diehard Microsoft fans even still use the Windows 10 Mobile platform, if even the Microsoft employees do not see the future in their own product. And I do not care if we
Wow! Now, I can logon without the need for a password as long as my daughter presses "approve" for me while playing on my phone when I need to connect using MS credentials! I also like that my wife can hit "approve" for me whenshe is "hacking" my phone to check and make posts for me on Facebook!
I started reading this article and got a headache. Proof reading is your friend, Dan. Give it a try. It won't hurt.
I feell it will be more of a hassle just to get into the app or on the computer. I just dealt with a network outage for a day and half by AT&T which limited what i could do during the outage. When trying to do work on the computer, or in an app we want to do it why are thoughts are fresh, waiting for a text might take our mind off what needs to be done.
OFFICIAL MSFT response (But it works for me - LOL)
.
[Update 4/18/17 3:08pm Pacific: A few people have asked if this works with Windows Phone version Microsoft Authenticator. Windows Phone makes up
Reading this it is not supported on Win Phone 10... wtf? Well played MS https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-pas...
" A few people have asked if this works with Windows Phone version Microsoft Authenticator. Windows Phone makes up <5% of the active users of our Authenticator Apps so we have prioritized getting this working with iOS and Android for now. If/When it becomes a big success on those high scale platforms, we will evaluate adding support for Windows Phone"
And they say this is not a dying platform...
Yet... It has been working for a year...
LOL
It is supported... and this feature has been part of the Windows version for quite a while
Approve a login for from your phone with a single tap ? Not at all. In the W10M version you still need to enter a code.
Edit: I was wrong, Phone sign in is supported
Steps please? I have ried everything but i can't even enable phone auth for my MSA. Where do i do it?
Have you gone to account.microsoft.com >> Security >> More Options? (That's just off the top of my head)
I have, but it is only for the 2 steps verification which, as i understand, is essentially the request for the numeric code on top of the login/password normally provided. I will try to enable and see if things have changed...
EDIT: i couldn't find how to make it work.
Did you go to Identity verification apps?
I wouldn't worry too much - From a security perspective it's a bad idea IMO - Logging in with a code instead (Which I've used via SMS before) can be good when you don't want to enter your real password on a device but anything like this I would prefer to avoid and stick to 2FA
Where is the download link from Windows store. ?? Is Microsoft considering Windows Phone users ??
Just search for it. Its there.
it wasn't included because the feature being discussed isn't in the W10M version.
I have Lumia 535 mobile but not surface area on screen with update
I know this works for 2FA for W10M but it doesn't work for 1FA?
https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggz...
So now it's come to this, I couldn't even tell if this was for Windows at all, and as I thought, it's not. Should we start assuming this is going to be the norm around here? Seeing as they've already buried W10M
It's been on W10M for some time now. It's Apple and Android that are just getting this.
It has been on W10m for at least a year now. Troll again.
Yes, the app has been on W10M since long, but the feature mentioned in this article, is not there yet in the W10M app.
So I can't login with a single click?
No, you still need to put your password in first. This is *not* 2FA authentication. Basically it works like this: Put in your username on the website and hit sign in. Notification pops up on your phone and you click ok. Boom, you're done. This is *really* similar to put your username *AND* password on the website and hit sign in. This gets rid of the password portion.
I can on W10M I don't know what everybody else is talking about. They're weirdos.
As I understood it, the app on Android and iOS logs you into Microsoft services on your device without using a password. But if you're using a Windows Phone, you gain access to Microsoft services whenever you start your phone or login to it using a pin (or just the Iris Scanner) because a Microsoft account is required to setup the phone. I don't see a need for it on Windows 10 Mobile unless you want to use the existing Microsoft Authenticator for 2FA. I mainly just enter my pin or use my Iris Scanner when I want to show off. :P
You, my friend understood it wrong.
This app helps you when you want to log-in to MS services on a browser on your or anyone else's computer. You enter your MS user name, and use the app to authenticate, instead of your MS account password.
[OFF] The CEO of WhartonBrooks Brasil Paulo Ridgeford gave an interview to the Brazilian blog Windows Team, talking about the company plans to the emergent market. The most interesting thing he said is that no matter how many times the American crowdfunding campaign fails, if the Brazilian campaign eventually hit its goal so the Cerulean Moment will make it to our market. Here's the link, for anyone here that wants to read it (in Portuguese) https://www.windowsteam.com.br/exclusivo-entrevista-exclusiva-com-paulo-...
Best regards to everyone
Very good, lucky you Brazil.
It's fitting, since Msft had withdrawn itself from future hardware (phone) launches in countries such as Brazil and India due to the excessive market domination of Android. But the saddest thing is that they've failed to understand these parts of the world. Ppl still want Lumias here in India, with an impressive (if not massive) support by developers who developed local apps on Windows phone as well as a handful of UWP ones.
Great!
Yeah, I think it's time for Windows Central to do an article extravaganza that exhibits Windows security features.
But for some reason I like the older authenticator app more.
because of the missing dark theme?
No but it has a deep integration with the Microsoft commerce site with the QR image.
Also I might be old school but I like keying in the generated code myself....the likelihood of clicking "approve" with the new app is kinda high for me. It comes like a notification and we all approve notifications. But well that's just me.
Isn't this already in the W10M app? And its been in Android in the MSA app for ages?
That's what i was asking on another site. I actually got some new features on my Microsoft Authenticator on Windows Mobile.
That was 2FA via notification. This is basically the same but for your password instead.
So "sign in using a code" option? I've used that with SMS in the past to not have to enter the pwd but don't think it works with 2FA enabled
Yep. It probably doesn't work with 2FA enabled because it's essentially just removing the first factor (the password) reducing you to single factor again. However single factor code sign in is much more secure than single factor password sign in.
I was confused as well until I read the Verge's write-up. With two-step verification enabled, this is the flow of signing into a new device:
With this new feature, it sounds like the big change is skipping step 2 entirely. Once you submit the user name on the login prompt the notification is immediately sent to the phone for approval. If I'm understanding this correctly, users who have this enabled would only need their password if they didn't have their authorized phone available. Those using two-step authentication would still be required to enter the password as the first of the two steps, as Nik Rolls mentioned above.
That sounds like two factor to me. You need the password and you need the phone (unlocked). It just doesn't require you to enter a code that is shown on the phone back on the PC. It is waiting for your acknowledgmenty on the PC from the phone.
No, you don't need the password in this case. And you don't need the phone to be unlocked if your device supports actionable notifications above the lock screen (which is an option on Windows, but one that arguably most people have on).
Definitely, I've used it with SMS in the past whenever I had to login on a PC where I trust the owner but would prefer not to enter the actual password. That was via SMS though rather than a push notification. When I saw the title of this article at first I thought it was the ability to sign into PC using the phone (like you can do with some Samsung devices using the companion frame work stuff)
Seems like a weird feature. It's basically removing 2FA and moving the password to another device. Which means if I prefer not to lock my phone I am screwed in case it gets stolen, all Microsoft accounts are just there for the taking.
It's not a replacement for 2FA. It's a replacement for passwords.
then the feature isn't for you. this feature is probably not targeted at people who don't lock their phone. so it's a weird feature only if you had decided to use it in that case. its not meant to replace anything, its just another option. if it works in your scenario, then that's awesome. if it doesn't (like in the one you mentioned), then don't use it.
It's been on W10M for a loooonng time now...
Bout the she thing
No, it's not on W10M at all.
Its not on w10m. Their blog post explicitly says that
This feature has been on W10M version of the app for a long time. It's new to Android's and iOS' versions of the app.
This is absolutely false
Lol, now fanboys are pulling complete crap out of their behind because they don't want to admit to themselves that Microsoft does not give a funk about their own platform.
no, its that folks are confusing this with the 2FA feature on the W10M. From the screen shots, i can see how they'd get confused. It's interesting that you'd jump to such a poorly thought out conclusion.
Also there's a new type of login that seems to have gone missing recently. Where you don't enter a password but "Use an app". Basically the same thing as this but you have to match from a set of 3 numbers between phone and login device.
Pretty sure it is this.
This article solely talks about that only.
Official MSFT reply
.
[Update 4/18/17 3:08pm Pacific: A few people have asked if this works with Windows Phone version Microsoft Authenticator. Windows Phone makes up