Microsoft Authenticator Gets a New Phone Sign-In Option

Microsoft Authenticator Gets a New Phone Sign-In Option

Microsoft Authenticator has been updated on both Android and iPhone in recent days with an interesting new feature called phone sign-in.

I just noticed this today as the iOS version of the app was just updated. But it looks like the Android version got this new feature a week ago.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

I will assume you are up on why you should be securing your Microsoft account with two-step verification—Microsoft’s name for two-factor authentication, or 2FA, sort of—but if not, you’re in luck: I’ve been writing about this a lot lately. So please review Tip: Secure Your Microsoft Account with Two-Step Verification and First Steps: The Proper Care and Feeding of Your Microsoft Account for more information.

Microsoft Authenticator is the mobile app that I use and recommend for implementing 2FA with your Microsoft account (and other accounts that support this security technology). This app works a lot like other authenticator apps, but if you use it with a Microsoft account, you get additional niceties, like the ability to approve sign-ins by tapping a pop-up on the phone instead of looking at and then typing in a code.

This new phone sign-in feature is a slight variation on the pop-up approval method. It’s easier in that you don’t need to type your password in to get the authentication prompt. But it requires more steps on the phone. So it may be a toss-up, with the understanding that not remembering passwords probably puts this over the top.

If you’re confused by what I mean, consider how signing in with your Microsoft account using 2FA and Microsoft Authenticator has worked until now. I’ll use the web as an example, but this would work with apps too.

You’re on your PC or whatever device browsing the web, and you come across a Microsoft website like OneDrive.com or Outlook.com. And you are prompted to sign-in. Assuming you aren’t saving this information in the browser, you then type in your account name (email address), press Enter, and then enter your password. And then you are prompted to approve this sign-in using Microsoft Authenticator on your phone. On that phone, a pop-up appears and you press the Approve button. Then you are signed in on the PC (or whatever other device).

Alternatively, you can now sign-in to these websites (and apps) using your phone now. These are the steps:

You’re on your PC or whatever device browsing the web, and you come across a Microsoft website like OneDrive.com or Outlook.com. And you are prompted to sign-in. Assuming you aren’t saving this information in the browser, you then type in your account name (email address). Instead of entering your password, however, you choose “Use an app instead”. (In the future, this will be the default.)

Then you are prompted to approve this sign-in using Microsoft Authenticator on your phone. On that phone, a pop-up appears and you press the Approve button.

Then, the website (on your PC) displays a number and the Authenticator app displays a pop-up with a set of numbers.

You must choose the number that matches what you see on the PC.

Then you are signed in on the PC (or whatever other device).

Put simply, the big differences are that you no longer need to enter a password where you are authenticating (a PC-based web browser in the examples I gave) but you do have a few more steps to perform to actually authenticate.

Very interesting. And yes, it works only with a Microsoft account. You will still need to enter codes with other account types.

Also, you need to enable this functionality to use it. To do so, open Microsoft Authenticator, select the caret next to your Microsoft account, and choose “Enable phone sign-in” from the pop-up that appears.\

Download Microsoft Authenticator for iPhone and iPad

Download Microsoft Authenticator for Android

 

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 21 comments

  • 477

    Premium Member
    30 January, 2017 - 4:19 pm

    <p>Does this work with Authenticator on Windows Phone?</p>

    • 1753

      Premium Member
      31 January, 2017 - 4:58 am

      <blockquote><em><a href="#39420">In reply to </a><a href="../../users/SoundersFan">SoundersFan</a><a href="#39420">:</a></em></blockquote>
      <p>No. I just tried it. The Android version asks for confirmation (and uses an 8 digit numeric code), the Windows Phone version still uses the 6 digit code and doesn’t prompt for sign-ons. :(</p>

  • 1306

    Premium Member
    30 January, 2017 - 4:45 pm

    <p>While this sounds convenient, doesn’t this make it no longer 2-factor? &nbsp;If someone got access to your unlocked phone, they would be able to sign on to any Microsoft Account with this feature enabled without knowing your password. &nbsp;The idea of using the authenticator app for 2-factor is that you have to both know the password and have the phone to complete the log-in.</p>

    • 289

      Premium Member
      30 January, 2017 - 5:35 pm

      <blockquote><em><a href="#39426">In reply to </a><a href="../../users/jgraebner">jgraebner</a><a href="#39426">:</a></em></blockquote>
      <p>Yeah, I thought the same thing. Maybe if your browser doesn’t autofill the account name then this is somewhere between 1FA and 2FA. Maybe we call it 1.5FA</p>

    • 213

      30 January, 2017 - 7:04 pm

      <blockquote><em><a href="#39426">In reply to </a><a href="../../users/jgraebner">jgraebner</a><a href="#39426">:</a></em></blockquote>
      <p>Why is your phone unlocked?</p>

    • 1753

      Premium Member
      31 January, 2017 - 5:00 am

      <blockquote><em><a href="#39426">In reply to </a><a href="../../users/jgraebner">jgraebner</a><a href="#39426">:</a></em></blockquote>
      <p>On Android, they either need your PIN or your fingerprint – on my Nexus 5X it authenticates automatically with my fingerprint, no need to compare codes on the screen.</p>
      <p>On the other hand, it does mean that you won’t get p4wned by keystroke loggers on the PC.</p>

    • 400

      Premium Member
      31 January, 2017 - 2:22 pm

      <blockquote><em><a href="#39426">In reply to </a><a href="../../users/jgraebner">jgraebner</a><a href="#39426">:</a></em></blockquote>
      <p>My bad, of course you have to enter your normal login credentials, but no authenticator code is needed</p>

  • 213

    30 January, 2017 - 4:50 pm

    <p>Couldn’t wait to try this, just enabled. Something to point out, instead of the numbers I was just asked to use fingerprint ID twice, once to unlock my phone after approval, and once within the authenticator app. Definitely faster than password.</p>

    • 349

      Premium Member
      30 January, 2017 - 7:10 pm

      <blockquote><em><a href="#39427">In reply to </a><a href="../../users/bfarkas">bfarkas</a><a href="#39427">:</a></em></blockquote>
      <p>Same for me, though my phone was already unlocked, so just once. &nbsp;Agreed-faster than a password.</p>

    • 1753

      Premium Member
      31 January, 2017 - 5:01 am

      <blockquote><em><a href="#39427">In reply to </a><a href="../../users/bfarkas">bfarkas</a><a href="#39427">:</a></em></blockquote>
      <p>Same here. Are you on Android per Chance? I guess that is the difference between Android being open and iOS more closed?</p>
      <p>Shame this doesn’t work on Windows devices though!</p>

  • 4267

    30 January, 2017 - 5:00 pm

    <p>I can also approve or deny Authenticator request on my Apple Watch. Very little setup required, if any; the iPhone watch app needs to be configured to echo Authenticator notifications, but that seems to be the default.</p>
    <p>I hope this "select the number" business doesn’t make it more complicated; the watch approval capability is really nice.</p>

  • 6019

    30 January, 2017 - 5:42 pm

    <p>"Also, you need to enable this functionality to use it. To do so, open Microsoft Authenticator, select the caret next to your Microsoft account, and choose &ldquo;Enable phone sign-in&rdquo; from the pop-up that appears."</p>
    <p>Just be aware you’ll need your MSA password at this point, or at least, I did.</p>

  • 8622

    30 January, 2017 - 6:41 pm

    <p>I’ve had just about enough of Microsoft Authenticator. It’s notifications keep breaking and I have to reinstall the app to get them back again.</p>

  • 442

    30 January, 2017 - 8:29 pm

    <p>I get so many people complaining about needing to use 2 factor, maybe this will make them more happy…</p>

  • 1753

    Premium Member
    31 January, 2017 - 4:53 am

    <p>I didn’t get the prompt for checking the number, it just asked for my fingerprint…</p>
    <p>But what is confusing is, I was using the Microsoft Account app, which is what you describe in the middle of your article. I switched to this in the middle of last year and removed MS Authenticator, because MS Account was easier than typing in the 6 digit code from Authenticator.</p>
    <p>Now I have reinstalled Authenticator and I see that it now also has the same confirm code feature that Microsoft Account has, but that I can now also use the app sign on. It also now uses an 8 digit code and the code in Google Authenticator for my MS account is 6 digits!</p>
    <p>WAH! Why does MS have so many different ways of doing the same thing?!?! I’m guessing that I can now safely delete the Microsoft Account app from my phone, as Authenticator seems to get the same prompt and also offers the 8 digit code and the automated sign-on with fingerprint…</p>

  • 400

    Premium Member
    31 January, 2017 - 7:00 am

    <p>The new authenticator app is avaliable on Windows 10 mobile too.<br /><br /><a title="Microsoft Authenticator" href="https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggzmcj6&quot; target="_blank" rel="noopener noreferrer">https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggzmcj6#</a></p&gt;
    <p>Upon login a toast on the phone asks you to validate the login – no code etc. Just tap the toast, and you are in.</p>

  • 6359

    31 January, 2017 - 4:15 pm

    <p>Paul,</p>
    <p>Thanks for the heads-up on Microsoft 2FA.</p>
    <p>After setup I was surprised to find an offer for assistance using it with the Zune Desktop App!&nbsp; Is that a mistake?&nbsp; I hope I don’t get anyone fired mentioning it.</p>
    <p>&nbsp;</p>

  • 9542

    01 February, 2017 - 2:07 am

    <p>Question – does Authenticator support fingerprint authentication in any part of its workflow?</p>

  • 5059

    01 February, 2017 - 1:16 pm

    <p>I just wish there was a facility to recover 2fa accounts with the microsoft authenticator, similar to authy. I swap phones enough that not having a way to recover from an older device is frustrating. Unless I missed where this is possible.</p>

  • 10102

    02 February, 2017 - 10:50 am

    <p>Any news when we will be able to use this app to unlock our Windows 10 PCs?</p>

  • 592

    02 February, 2017 - 1:35 pm

    <p>Just put Lumia 640 back to Win10 mobile release version and noticed that this started happening on my Lumia 930.</p>
    <p>BTW, the640 runs so much better on 14393.693 it’s amazing. Everything works for a change and you can actually browse on Edge.</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC