Microsoft Authenticator has been updated on both Android and iPhone in recent days with an interesting new feature called phone sign-in.
I just noticed this today as the iOS version of the app was just updated. But it looks like the Android version got this new feature a week ago.
I will assume you are up on why you should be securing your Microsoft account with two-step verification—Microsoft’s name for two-factor authentication, or 2FA, sort of—but if not, you’re in luck: I’ve been writing about this a lot lately. So please review Tip: Secure Your Microsoft Account with Two-Step Verification and First Steps: The Proper Care and Feeding of Your Microsoft Account for more information.
Microsoft Authenticator is the mobile app that I use and recommend for implementing 2FA with your Microsoft account (and other accounts that support this security technology). This app works a lot like other authenticator apps, but if you use it with a Microsoft account, you get additional niceties, like the ability to approve sign-ins by tapping a pop-up on the phone instead of looking at and then typing in a code.
This new phone sign-in feature is a slight variation on the pop-up approval method. It’s easier in that you don’t need to type your password in to get the authentication prompt. But it requires more steps on the phone. So it may be a toss-up, with the understanding that not remembering passwords probably puts this over the top.
If you’re confused by what I mean, consider how signing in with your Microsoft account using 2FA and Microsoft Authenticator has worked until now. I’ll use the web as an example, but this would work with apps too.
You’re on your PC or whatever device browsing the web, and you come across a Microsoft website like OneDrive.com or Outlook.com. And you are prompted to sign in. Assuming you aren’t saving this information in the browser, you then type in your account name (email address), press Enter, and then enter your password. And then you are prompted to approve this sign-in using Microsoft Authenticator on your phone. On that phone, a pop-up appears and you press the Approve button. Then you are signed in on the PC (or whatever other device).
Alternatively, you can now sign in to these websites (and apps) using your phone. These are the steps:
You’re on your PC or whatever device browsing the web, and you come across a Microsoft website like OneDrive.com or Outlook.com. And you are prompted to sign in. Assuming you aren’t saving this information in the browser, you then type in your account name (email address). Instead of entering your password, however, you choose “Use an app instead”. (In the future, this will be the default.)
Then you are prompted to approve this sign-in using Microsoft Authenticator on your phone. On that phone, a pop-up appears and you press the Approve button.
Then, the website (on your PC) displays a number and the Authenticator app displays a pop-up with a set of numbers.
You must choose the number that matches what you see on the PC.
Then you are signed in on the PC (or whatever other device).
Put simply, the big differences are that you no longer need to enter a password where you are authenticating (a PC-based web browser in the examples I gave) but you do have a few more steps to perform to actually authenticate.
Very interesting. And yes, it works only with a Microsoft account. You will still need to enter codes with other account types.
Also, you need to enable this functionality to use it. To do so, open Microsoft Authenticator, select the caret next to your Microsoft account, and choose “Enable phone sign-in” from the pop-up that appears.