Microsoft warns Authenticator will block rooted Android and jailbroken iOS, verify if your phone is affected.

  • MrSulu@lemmy.ml
    ↑2 · 59 minutes ago

    It may be painful but a switch to Ente Auth or similar is a must

  • qupada@fedia.io
    ↑13 · 3 hours ago

    I can guarantee this will be a hilarious shitstorm of false positives wasting IT departments’ time, because their detection of it is massively flawed.

    At least once a month my - completely stock, and un-rooted - phone tells me I can’t use Outlook/Teams because of root. Every time, a reboot is required to resolve this. On one occasion, TWO reboots.

    Ignoring whatever reason Microsoft think they’re blocking this for, it’s going to regularly block regular users, who are not going to stand for it.

  • saltesc@lemmy.world
    ↑6 · edited 4 hours ago

    This is gonna cause some fun at work. I know our IT team would not be on top of this until one day a portion of employees can’t SSO in. Then mayhem will ensue by heels being dug on both sides.

  • Godort@lemmy.ca
    ↑5 · 4 hours ago

    How does the tool actually check for this?

    Does it just use the Play Integrity API, or does it use some kind of other attestation check?

    The need for full root privilege has fallen by the wayside assuming you can trust the OS running on the device. I don’t hate this change if I can run a custom ROM that will report that the user does not have root privilege and that the OS has not been modified since boot.

      • Korhaka@sopuli.xyz
        ↑4 · edited 5 hours ago

        I don’t really mind using shit software on work devices. Yes it’s slow and inefficient, I spent half an hour today on Windows doing what would be a very short command on Linux. Fuck it, get paid the same. I just use Linux at home in my own time.

        I’ll point out better software exists. If I don’t get support in changing it or allowed to change it, fuck it. It’s on them at that point.

        • ramble81@lemmy.zip
          ↑23 · 5 hours ago

          It depends…. Your company IT department can choose what types of 2FA are available to use and Microsoft Authenticator is separate from OTP and other methods, and it is possible to restrict them.

          That’s also yet another reason why I force the issue of a company phone as part of my equipment to do my job.

          • baines@lemmy.cafe
            ↑3 ↓1 · edited 2 hours ago

            my company IT can provide a phone

            no work software is ever touching a personal phone

            and work phones get shut off at closing

        • swicano@programming.dev
          ↑9 · 5 hours ago

          Nope, the Microsoft authenticator is slightly different, and other authenticators won’t work. I just went through this with my IT dep. Microsoft authenticator will sometimes pop the numbers up on the computer and make you enter it in the app, not the other way around.

        • skooma_king@piefed.social
          ↑3 · 4 hours ago

          Depends on how your M365 tenant is configured. Both conditional access policies and authentication strengths can enforce the requirement

          • OwOarchist@pawb.social
            ↑2 · 5 hours ago

            If your work requires you to have a Microsoft Authenticator-compatible device, they should provide you with one.

            • atrielienz@lemmy.world
              ↑1 · 1 hour ago

              The main problem as I see it is if I have to download authenticator onto my personal device because something has happened to my work device. That’s the only way I could see this being a problem since I use Graphene OS on my personal phone. Even then I would probably just use the authenticator on my work computer rather than going to that trouble.

    • Prove_your_argument@piefed.social
      ↑5 ↓2 · edited 6 hours ago

      This change is really more about enterprise use cases. If you take DLP seriously you need to make sure the integrity of the controls on work-provided devices is intact. Authenticator isn’t managed by Intune since users could use it for many things.

      Nothing stops someone taking a photo of another screen. It’s not a panacea. It’s just one more hurdle.

    • lyralycan@sh.itjust.works
      ↑3 · edited 6 hours ago

      Yup, I use Aegis, and found a strange little trick with Bitwarden Authenticator where I can import them into the main app (the Vaultwarden server). I know keeping all my power in one place defeats the purpose of 2FA but you know, I trust Vaultwarden, and myself to keep it secure, implicitly.

  • Eternal192@anarchist.nexus
    ↑5 · 6 hours ago

    Why the fuck would you use a personal phone for work?

    Get some cheap alternative and put the authenticator on that phone and say that is your main phone.

    • NewNewAugustEast@lemmy.zip
      ↑2 · edited 2 hours ago

      I won’t use my personal phone for anything work-related except authentication. Since it sits in its own little jail, it’s fine.

      I work all over the world and remote in. I have no other work related devices or equipment.

      I look at it as a key card from the old days when I had to go into a building. I think that is a pretty trivial use case and doesn’t need them to provide a phone, and in fact I absolutely would not want a device owned by anyone else that I carried around. That is FAR worse.

      That said, this change sucks as I will now need to get around this bullshit.

    • OwOarchist@pawb.social
      ↑2 · 5 hours ago

      Better yet, if your work requires you to have Microsoft Authenticator, tell them that they need to provide you with a device capable of using it.

      Instead of spending your own money on a burner phone just for that, make your work pay for it.

          • waggz@programming.dev
            ↑2 ↓1 · 4 hours ago

            because you said anyone who plays Minecraft had to use it too. you do not. but some people are required to for work. therefore they only have to use it for work. do you get it now or do i need to eli5 it for you more?

            • Luminous5481 "Enemy of the State"@anarchist.nexus
              ↑1 ↓1 · 3 hours ago

              I didn’t say anybody who played Minecraft had to use it. You’re just bad at reading. Do I need to walk you through the sentence like you’re five, or are you done beating your chest like a teenager?

              • waggz@programming.dev
                ↑1 · 3 minutes ago

                you don’t just use authenticator for work. anybody who plays Minecraft uses it.

                you’re too dumb to waste my time on anymore. glhf cya

  • OwOarchist@pawb.social
    ↑3 · 5 hours ago

    Because, obviously, you can’t be a real person if you don’t let the corpos control your device.

        • marxismtomorrow@lemmy.today
          ↑6 ↓1 · 6 hours ago

          Everyone that cares about security or privacy is working on custom Android ROMs since there is no actual benefit to Apple hardware or software at this point in history. Plus you save money buying a Pixel device.

          • Hudell@lemmy.dbzer0.com
            ↑1 · 41 minutes ago

            Not everyone. Depending where you live there’s no devices available that are compatible with secure custom ROMs (you might be able to deGoogle, but that’s different from being secure).

          • Quetzalcutlass@lemmy.world
            ↑2 · 2 hours ago

            Google is doing their best to strangle those too, by only releasing their source code when a new major Android release comes out. Custom ROM developers then have to rebase and integrate several months of commits all at once, with nowhere near enough time or resources to actually vet more than a tiny fraction of the changes.