HomeNewsDesign flaw has Microsoft Authenticator overwriting MFA accounts, locking customers out

Design flaw has Microsoft Authenticator overwriting MFA accounts, locking customers out

“I imagine the repair, sorry, I imply workaround for that is to make use of the Secret Key from the Id Supplier and manually sort this into the Authenticator app throughout setup,” the person wrote. “Sadly, this isn’t very useful in an enterprise atmosphere, particularly when the typical finish person not often is aware of something concerning the interior workings of authentication, and seeing a random string of characters is intimidating.”

‘A giant drawback with usability and cybersecurity’

This drawback acquired consideration lately when Australian IT marketing consultant Brett Randall posted about it on LinkedIn. 

In his publish, Randall described collaborating in a current vendor coaching session: “As we logged into their system, we have been offered with a QR code to scan for MFA. Various attendees opened Microsoft Authenticator, scanned the QR code, and proceeded to overwrite one other software’s TOTP (Time-based One-Time Password) key,” Randall wrote.

See also  UnitedHealth CEO tells Senate all programs now have multi-factor authentication after hack
- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular