On February 20th, 2023, Microsoft is rolling out two security updates to the Microsoft Authenticator app for mobile devices. These updates will include:
- Number match experience: if you use the push notification feature on the Microsoft Authenticator app, after you approve a sign-in, you will be asked to type a two-digit code (displayed in the browser) into your Microsoft Authenticator app.
- Application name: the Microsoft Authenticator app will display the name of the application that is requesting the sign-in, providing you with additional context.
Who is impacted?
Those who use the Microsoft Authenticator app for two-factor authentication.
What do I need to do?
We recommend ensuring you have the latest version of the Microsoft Authenticator app. The change will happen automatically, so you don’t need to do anything else.
Why is this changing?
With increasing adoption of strong authentication, multi-factor authentication (MFA) fatigue attacks (also called “MFA spamming”) have become more prevalent. These attacks rely on users approving a simple push notification that gives no context about what they are signing in to.
Microsoft’s implementation of number matching prevents the accidental approval of push notifications by requiring you to type a two-digit code from the login screen into your Authenticator app. If you did not initiate a sign-in, you won’t know the two-digit code to enter and therefore cannot approve a sign-in push notification that may be unsafe.
Still have questions?
For more information about the Microsoft Authenticator app, see the Knowledgebase.
If you have problems signing into your account, please contact the IT Service Desk.
If you have other questions about Cybersecurity, please contact cybersecurity@ufv.ca.