Microsoft Authenticator Gets a New Phone Sign-In Option

Posted on January 30, 2017 by Paul Thurrott in Android, Cloud, iOS, Mobile with 21 Comments

Microsoft Authenticator Gets a New Phone Sign-In Option

Microsoft Authenticator has been updated on both Android and iPhone in recent days with an interesting new feature called phone sign-in.

I just noticed this today as the iOS version of the app was just updated. But it looks like the Android version got this new feature a week ago.

I will assume you are up on why you should be securing your Microsoft account with two-step verification—Microsoft’s name for two-factor authentication, or 2FA, sort of—but if not, you’re in luck: I’ve been writing about this a lot lately. So please review Tip: Secure Your Microsoft Account with Two-Step Verification and First Steps: The Proper Care and Feeding of Your Microsoft Account for more information.

Microsoft Authenticator is the mobile app that I use and recommend for implementing 2FA with your Microsoft account (and other accounts that support this security technology). This app works a lot like other authenticator apps, but if you use it with a Microsoft account, you get additional niceties, like the ability to approve sign-ins by tapping a pop-up on the phone instead of looking at and then typing in a code.

This new phone sign-in feature is a slight variation on the pop-up approval method. It’s easier in that you don’t need to type your password in to get the authentication prompt. But it requires more steps on the phone. So it may be a toss-up, with the understanding that not remembering passwords probably puts this over the top.

If you’re confused by what I mean, consider how signing in with your Microsoft account using 2FA and Microsoft Authenticator has worked until now. I’ll use the web as an example, but this would work with apps too.

You’re on your PC or whatever device browsing the web, and you come across a Microsoft website like OneDrive.com or Outlook.com. And you are prompted to sign-in. Assuming you aren’t saving this information in the browser, you then type in your account name (email address), press Enter, and then enter your password. And then you are prompted to approve this sign-in using Microsoft Authenticator on your phone. On that phone, a pop-up appears and you press the Approve button. Then you are signed in on the PC (or whatever other device).

Alternatively, you can now sign-in to these websites (and apps) using your phone now. These are the steps:

You’re on your PC or whatever device browsing the web, and you come across a Microsoft website like OneDrive.com or Outlook.com. And you are prompted to sign-in. Assuming you aren’t saving this information in the browser, you then type in your account name (email address). Instead of entering your password, however, you choose “Use an app instead”. (In the future, this will be the default.)

Then you are prompted to approve this sign-in using Microsoft Authenticator on your phone. On that phone, a pop-up appears and you press the Approve button.

Then, the website (on your PC) displays a number and the Authenticator app displays a pop-up with a set of numbers.

You must choose the number that matches what you see on the PC.

Then you are signed in on the PC (or whatever other device).

Put simply, the big differences are that you no longer need to enter a password where you are authenticating (a PC-based web browser in the examples I gave) but you do have a few more steps to perform to actually authenticate.

Very interesting. And yes, it works only with a Microsoft account. You will still need to enter codes with other account types.

Also, you need to enable this functionality to use it. To do so, open Microsoft Authenticator, select the caret next to your Microsoft account, and choose “Enable phone sign-in” from the pop-up that appears.\

Download Microsoft Authenticator for iPhone and iPad

Download Microsoft Authenticator for Android

 

Tagged with

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (21)

21 responses to “Microsoft Authenticator Gets a New Phone Sign-In Option”

  1. 400

    The new authenticator app is avaliable on Windows 10 mobile too.

    https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggzmcj6#

    Upon login a toast on the phone asks you to validate the login - no code etc. Just tap the toast, and you are in.

  2. 477

    Does this work with Authenticator on Windows Phone?

  3. 442

    I get so many people complaining about needing to use 2 factor, maybe this will make them more happy...

  4. 1306

    While this sounds convenient, doesn't this make it no longer 2-factor?  If someone got access to your unlocked phone, they would be able to sign on to any Microsoft Account with this feature enabled without knowing your password.  The idea of using the authenticator app for 2-factor is that you have to both know the password and have the phone to complete the log-in.

  5. 213

    Couldn't wait to try this, just enabled. Something to point out, instead of the numbers I was just asked to use fingerprint ID twice, once to unlock my phone after approval, and once within the authenticator app. Definitely faster than password.

  6. 10102

    Any news when we will be able to use this app to unlock our Windows 10 PCs?

  7. 5059

    I just wish there was a facility to recover 2fa accounts with the microsoft authenticator, similar to authy. I swap phones enough that not having a way to recover from an older device is frustrating. Unless I missed where this is possible.

  8. 9542

    Question - does Authenticator support fingerprint authentication in any part of its workflow?

  9. 6359

    Paul,

    Thanks for the heads-up on Microsoft 2FA.

    After setup I was surprised to find an offer for assistance using it with the Zune Desktop App!  Is that a mistake?  I hope I don't get anyone fired mentioning it.

     

  10. 1753

    I didn't get the prompt for checking the number, it just asked for my fingerprint...

    But what is confusing is, I was using the Microsoft Account app, which is what you describe in the middle of your article. I switched to this in the middle of last year and removed MS Authenticator, because MS Account was easier than typing in the 6 digit code from Authenticator.

    Now I have reinstalled Authenticator and I see that it now also has the same confirm code feature that Microsoft Account has, but that I can now also use the app sign on. It also now uses an 8 digit code and the code in Google Authenticator for my MS account is 6 digits!

    WAH! Why does MS have so many different ways of doing the same thing?!?! I'm guessing that I can now safely delete the Microsoft Account app from my phone, as Authenticator seems to get the same prompt and also offers the 8 digit code and the automated sign-on with fingerprint...

  11. 4267

    I can also approve or deny Authenticator request on my Apple Watch. Very little setup required, if any; the iPhone watch app needs to be configured to echo Authenticator notifications, but that seems to be the default.

    I hope this "select the number" business doesn't make it more complicated; the watch approval capability is really nice.

  12. 8622

    I've had just about enough of Microsoft Authenticator. It's notifications keep breaking and I have to reinstall the app to get them back again.

  13. 6019

    "Also, you need to enable this functionality to use it. To do so, open Microsoft Authenticator, select the caret next to your Microsoft account, and choose “Enable phone sign-in” from the pop-up that appears."

    Just be aware you'll need your MSA password at this point, or at least, I did.

  14. 592

    Just put Lumia 640 back to Win10 mobile release version and noticed that this started happening on my Lumia 930.

    BTW, the640 runs so much better on 14393.693 it's amazing. Everything works for a change and you can actually browse on Edge.

Leave a Reply