Collaborate Disseminate
On August 2, 2023, the Microsoft security blog presented this scenario, in which the protection normally afforded by number-matching MFA on MS Authenticator can be thwarted:
In this activity, Midnight Blizzard either has obtained valid ac… Continue reading Is MS number-matching MFA still amenable to bypass in this scenario?
On August 2, 2023, the Microsoft security blog presented this scenario, in which the protection normally afforded by number-matching MFA on MS Authenticator can be thwarted:
In this activity, Midnight Blizzard either has obtained valid ac… Continue reading Is MS number-matching MFA still amenable to bypass in this scenario?
When registering Microsoft Authenticator as a two-factor authentication method, some users see Microsoft Authenticator Registration has timed out error. Let us see how to fix this issue. Authenticator registration has timed out. Please choose “Ne… Continue reading Microsoft Authenticator Registration has timed out
Nowadays, 2FA apps usually require you to insert a number which you are presented with when trying to authenticate. For example, the following screenshot is from Microsoft Authenticator:
This is called number matching, and is in contrast … Continue reading What is the point of entering numbers in the two-factor authentication app?
I am building an application that a user can receive an access to by an internal worker. This works using a magic link, where the user will receive a one time link to authenticate in the app. Now I want the application to be secured with 2… Continue reading Is Using an Authenticator App on the Same Device as the Passwordless Application a True 2FA?
Microsoft recently introduced a new feature in its Authenticator app, designed to enhance user security and combat MFA fatigue attacks. The new security configuration was rolled out in September, allowing users to suppress pop-up notifications for potentially suspicious login requests. Typically, Microsoft Authenticator users who attempt to log into an account or a service receive…
The post Microsoft Authenticator Now Blocks Suspicious MFA Notifications appeared first on Petri IT Knowledgebase.
Continue reading Microsoft Authenticator Now Blocks Suspicious MFA Notifications
I recently registered with a bank that has an online banking platform. The platform website requires login with a proprietary OTP generator app. To activate this application, the bank sent me two numbers, both private:
Serial key: XXXXX-XX… Continue reading Getting Time-OTP Secret Key from Activation and Serial keys [closed]
I’m evaluating moving to Passwordless and my company is using BYOD.
This will change my attack surface.
I’m trying to brainstorm all the possible attack vectors how someone could compromise a mobile and gain access to the authenticator app… Continue reading Ways how a mobile device and authenticator app could be compromised
Is it safe not to have a 2FA for a password manager itself?
It seems that using an app for TOTP authentication for a password manager could increase the security. But it turns out that in this case I should remember by heart the password f… Continue reading Security of password managers vs. risk of losing access
Everyone in security will tell you need two-factor authentication (2FA), and we agree. End of article? Nope. The devil, as always with security, is in the details. Case in point: …read more Continue reading Two Factor Authentication Apps: Mistakes to Malware