Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Microsoft Authenticator App for Apple Watch to Be Discontinued in January
- Thread starter MacRumors
- Start date
- Sort by reaction score
The last month, Authenticator has been really inconsistent verifying logins to AzureAD. But before that, worked flawlessly, and use it many times a day with so many different VPNs with 2FA enabled... I've often forgotten my phone plugged in beside my bed, but so long as I had my watch on me, I could quickly log in regardless.
I'm really going to miss using this... A third of my Apple Watch use is using this feature. Kinda hate anything having me needing to open an app on my phone when the screen and the data I need is right there on my wrist.
I'm really going to miss using this... A third of my Apple Watch use is using this feature. Kinda hate anything having me needing to open an app on my phone when the screen and the data I need is right there on my wrist.
Such a shame, I use this feature several times a day at work to log in via MFA. Guess I will have to use my phone. Still it was super handy and very quick.
The thing is, if you use O365/Azure and you enforce MFA (you would be crazy not too) is so simple as you just choose "Aprove" from the watch or phone and you are in. A 3rd party tool will at best pop a code on your phone/watch that you then have to type in.
This is same with all others, in that they one they support with push is only their products. Google only pushes with simple approval for Google stuff, a code for everything else. DUO which we use for VPN pushes and simple approve prompt for their VPN MFA, but a code for everything else.
With Microsoft, Apple and others pushing password-less logins this is a step backwards.
I only use it for O365, but it worked the very first time and every time after that. I'm guessing where it doesn't work well with is third party apps.
For Microsoft's own services, you don't need TOTPs, and that's the convenience of the watch app.
I just let 1Password handle the automatic entering of the MFA if/when requested. Microsoft Modern Authentication doesn't require that all the time, unless you go outside the parameters. Privileged accounts have multiple factors including biometric, geo locations, enrolled device, etc in addition to TOTP.
With SSO integration and functions it really isn't any different with a proper password manager and way more useful.
Interesting. That's probably what's not compatible -- I suspect they're going to force App Lock, which is a major pain already if you use it.
Indeed and a rather bad implementation for TOTP, also very naughty of Microsoft that they always presented theirs like it is authorisation by app, the amount of users that 'signed' up to their service as the page has a tiny link to a compatible version of authentication apps below it and thus you end up with passwords and authentication all over the place...
Nope they didn't and definitely not again. You keep spreading this FUD even though lots of people correctly you on it in the other thread about passkeys as well. Not smart, and doesn't become you.
I'm pretty sure your thinking of LastPass.
LastPass Hacked for Second Time This Year
Password management app LastPass says it is investigating a security incident after an "unauthorized party" compromised its systems on...
www.macrumors.com
A well configured system doesn't pop it up on your watch but integrates it as part of the approved and expected browser. No need to type in codes at all. Besides it creates divergence of where those things are stored, causing yet another attack vector.
Yep that was it. I use Bitwarden but I knew it was one of the major players....hence I asked.I'm pretty sure your thinking of LastPass.
LastPass Hacked for Second Time This Year
Password management app LastPass says it is investigating a security incident after an "unauthorized party" compromised its systems on...
Cool your jets brother...it was Lastpass. I asked...did not state as fact.
You've done that several times across multiple threads and been corrected loads. Yet here you are again spreading fake news veiled as a question when challenged 🤷♂️
I didn't say it is, I said it creates divergence of where those things are stored, causing yet another attack vector. Just think about it you log into Google and then use google to verify that you authorise another device with google, same for microsoft but now you use Microsofts tool, same for Github and so on...Each one you have in different systems all provided by those you want to be authenticated against. I can see the benefit of those providing those services and apps to you, but can't from a security benefit why you would want to do that.
But hey ho you do you...
My experience with the Apple Watch is that very little of it works.
It tells time and weather, tracks your steps and heartbeat, and it’s great at helping you find your iPhone.
It’s pretty reliable at the above.
Other than that, Apple’s apps generally work but suffer from a lack of screen space.
Notifications are a total disaster. Apple made a baffling decision that notifications are only allowed to show on one device. ~80% of the time Apple sends a notification to the right device. ~20% of the time they send it to the wrong one so I totally miss the notification. If you jailbreak, you can make multiple devices show a notification - I have no idea why Apple doesn’t expose this feature via settings. The choice Apple forces everyone into probably causes far more problems than it solves.
Third party apps sometimes have better thought out UX, but they pretty much always end up in a broken state of some sort where they need to be reinstalled (which is tedious). I don’t know why this is such a common issue. IDK if the SDK is majorly flawed or something, or if maybe Apple has better APIs that they use for the built in apps that they don’t let third parties use.
It tells time and weather, tracks your steps and heartbeat, and it’s great at helping you find your iPhone.
It’s pretty reliable at the above.
Other than that, Apple’s apps generally work but suffer from a lack of screen space.
Notifications are a total disaster. Apple made a baffling decision that notifications are only allowed to show on one device. ~80% of the time Apple sends a notification to the right device. ~20% of the time they send it to the wrong one so I totally miss the notification. If you jailbreak, you can make multiple devices show a notification - I have no idea why Apple doesn’t expose this feature via settings. The choice Apple forces everyone into probably causes far more problems than it solves.
Third party apps sometimes have better thought out UX, but they pretty much always end up in a broken state of some sort where they need to be reinstalled (which is tedious). I don’t know why this is such a common issue. IDK if the SDK is majorly flawed or something, or if maybe Apple has better APIs that they use for the built in apps that they don’t let third parties use.
You're assuming that an enterprise environment is going to let you install 1Password. Not that it would be helpful as you're jumping around through remote desktops or being prompted via powershell. I have 1Password, I use it for the password part of my MFA, but it isn't going to work for the rest.
I don't think you have described the notifications correctly. In my experience, notifications always show up on the my phone. If you are actively using the phone, they only show up on the phone. If you are not using the phone, they also show up on the watch. Makes sense to me.
There are other password managers, and yes it is best practice as part of an ISMS to use that in any organisation.
PS. 1Password has shell support, easy to use on sh, bash, zsh and powershell 👍