Our company whose IT department is all Microsoft all the time has started using Authenticator’s new feature where you have a generated number you have to enter into the authenticator.

This broke Apple Watch compatibility a few months back.

My guess is this new improved 2FA is what they’re talking about.
Apple Watch can do this; you need to turn off App Lock in the app.
 
Man I HATE Microsoft. They are as bad as Google when it comes to canceling stuff.

I use this feature every day as I manage our Azure/O365 corporate tenant and we strictly enforce MFA.
This would have stopped working for you as all tenants move to number matching in February.
 
The auth app never works for me on my watch. But the normal clients are magic, I am a beta tester for Microsoft on the iOS version and it is fantastic. Due to using the beta I am always a version ahead. I was sad when I heard that they are discontinuing it, but if you read this post you will see why. It simply doesn’t work for most people.
 
I don't get it. Apple Watch has proven to be most popular for handwear but this? It's frustrating that they're dropping support. Oh well, back to the good ol' fashion SMS for MFA.
 
you can't just decide to use another authenticator.
Generally true, but in the context of Microsoft, you can actually use different options. They all show up as MFA enabled. There are many approved options, and best practice is to enable at least two of them as per their security baselines.
You're confusing a password manager with a password generator. Pretty sure secure and unique passwords have existed much longer than password managers, and there has been guidance on how to create them in government for decades.

I should have been specific, a password manager that stores your passwords anywhere else is not allowed, not password managers in general...but most are designed around cloud now anyway.
Nope most definitely not, I've even listed the agencies that deal with this and what their current guidance is. Password managers are not only allowed, they are even recommended. Which ones for which agency and what access level is a different conversation, but you unambiguously said that password managers aren't allowed, and that is simply not true.
Not reasonable? So 10 years ago all of this was not reasonable? In either of your cases, having used one does not mean that it was "allowed" let alone "recommended".
LOL Password managers exist as long as secure server implementations existed. They existed well into the last century. It was entirely normal to have to check out passwords for SU access, and they got generated on the fly and linked you as an individual for traceability. Now don't get me wrong, I don't agree with having non-named accounts, but at least it was something. I'm sorry, but this is as old as computing is. My early experience goes right back to IBM VM Mainframe, where we have multifactor authentication and password managers. ;)
 
I use my Watch to turn on/off my security system, open/close my garage, read notifications, texts and emails, and respond to some texts. I really wouldn't be without my Apple Watch. It's the only thing I for sure carry. I even thought about getting the new Pro version, even though it's butt ugly in my eyes. The bigger screen would be nice.
I wish I could use it for my garage, I just don't wanna spend that money on a bridge. HomeKit is invaluable, I do the same. Ultra looks great but I just have an S7 and don't feel like there's anything I need. I am crippled and so deep sea dives and hiking are not in my future. Would love the battery life tho
 
The Watch App currently works with number matching and has been doing that for over 4 years with personal MS accounts.
The old number matching is where it shows you a list of numbers and you pick one. That method isn’t phishing resistant. The new number matching requires you to put in the number you see on the screen rather than choose from a predefined set.

The pick a number works because Apple allows you to send a notification to the watch with up to 4 predefined choices. They don’t allow you to interactively respond by punching in a number.
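The distinction the post above draws (tap "Approve", pick one of a few numbers, or type the number shown on the sign-in screen) is easiest to see as a protocol. The following is an added simulation, not code from the thread, from Apple, or from Microsoft Authenticator: the class names, the two-digit challenge range, and the one-shot handling of each push are assumptions made for illustration. It models the push-bombing case that number matching is meant to stop: an attacker who already has the password starts a sign-in, the push lands on the real user's phone, and a tired user taps through it.

```python
"""Push MFA with and without number matching: a small simulation.

Added example; not code from the thread, from Apple, or from Microsoft
Authenticator. The class names, the two-digit challenge range and the
one-shot challenge handling are assumptions made for illustration.
"""
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class PushRequest:
    request_id: str
    challenge: Optional[int]  # None when the push is plain approve/deny


class IdP:
    """Identity provider: issues the push and validates the response."""

    def __init__(self, number_matching: bool):
        self.number_matching = number_matching
        self.pending: dict[str, PushRequest] = {}

    def start_sign_in(self) -> PushRequest:
        # The password (first factor) is assumed verified before this point.
        challenge = secrets.randbelow(100) if self.number_matching else None
        req = PushRequest(secrets.token_hex(8), challenge)
        self.pending[req.request_id] = req
        # The sign-in screen of whoever started this sign-in shows req.challenge.
        return req

    def respond(self, request_id: str, approve: bool,
                entered: Optional[int] = None) -> bool:
        # pop(): each push is answered at most once, so a replayed answer fails.
        req = self.pending.pop(request_id, None)
        if req is None or not approve:
            return False
        if self.number_matching and entered != req.challenge:
            return False  # "Approve" tapped but the number is missing or wrong
        return True


class Authenticator:
    """The user's phone app. What the user can answer depends on what they see."""

    def __init__(self, idp: IdP):
        self.idp = idp

    def handle_push(self, req: PushRequest, user_is_signing_in: bool,
                    fatigued: bool) -> bool:
        if not user_is_signing_in and not fatigued:
            # Unexpected prompt and an alert user: deny.
            return self.idp.respond(req.request_id, approve=False)
        if req.challenge is None:
            # Approve/deny only: a tired user tapping "Approve" is all it takes.
            return self.idp.respond(req.request_id, approve=True)
        # Number matching: the app asks for the number shown on the sign-in
        # screen. Only someone looking at that screen knows it; a user who is
        # not signing in has nothing to type, however tired they are.
        seen = req.challenge if user_is_signing_in else None
        return self.idp.respond(req.request_id, approve=True, entered=seen)


def sign_in(number_matching: bool, user_is_signing_in: bool,
            fatigued: bool = False) -> bool:
    """Run one sign-in. user_is_signing_in=False models an attacker who has the
    password and triggers the push; the push still lands on the real user's phone."""
    idp = IdP(number_matching)
    req = idp.start_sign_in()
    return Authenticator(idp).handle_push(req, user_is_signing_in, fatigued)


def replay_fails() -> bool:
    """A correct number is accepted once; answering the same push again fails."""
    idp = IdP(number_matching=True)
    req = idp.start_sign_in()
    first = idp.respond(req.request_id, True, req.challenge)
    second = idp.respond(req.request_id, True, req.challenge)
    return first and not second


if __name__ == "__main__":
    print("legit user, approve-only:", sign_in(False, True))
    print("attacker + tired user, approve-only:", sign_in(False, False, fatigued=True))
    print("legit user, number matching:", sign_in(True, True))
    print("attacker + tired user, number matching:", sign_in(True, False, fatigued=True))
    print("replay rejected:", replay_fails())
```

The two interesting rows are the attacker ones: with approve/deny the fatigued tap succeeds, with type-the-number it cannot, because the number exists only on the attacker's screen. A pick-one-of-four list sits in between: the same `respond` check applies, but a blind tap has a one-in-four chance per push, which is the weakness the post attributes to the older watch-compatible flow.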
 
Umm... I've personally been using a password manager for 25 years. 1Password was released in 2006.


We had a site license to LastPass, but could use any password manager.
Could you install any password manager yourself? Or did you need to get approval and have it pushed to your machine? I've been working in government since the .com bubble burst, from the inside and the outside, and despite my very privileged access I would be risking my job if I were to install a password manager. Regular users in my agency would be unable to install these whatsoever. Contractors connecting to remote machines would be completely SOL, and this applies to over 40 agencies that I've worked for in every sector of government. Calling it unreasonable to expect users to remember unique passwords when this is literally the standard RIGHT NOW seems like serious hyperbole.

I'm aware that password managers themselves have existed...I've been using them where I can since as long as I can remember...but certainly not on government machines or GFE smartphones. I've been reviewing NIST's, CISA's, and DISA's documentation on this and I see nothing regarding password manager use in government. Is there something you can point to?

The reason I referred to 10 years ago is because that's when the guidance to use passphrase style passwords came out - because people were still generating their own.
 
The old number matching is where it shows you a list of numbers and you pick one. That method isn’t phishing resistant. The new number matching requires you to put in the number you see on the screen rather than choose from a predefined set.

The pick a number works because Apple allows you to send a notification to the watch with up to 4 predefined choices. They don’t allow you to interactively respond by punching in a number.
Imagine if the Apple Watch had a touch screen and a number pad, this would all be resolved.
 
It does absolutely not help with a jump box where you cannot share a clipboard and a password manager would not be installed, nor could be installed.
Sounds like a bad setup and implementation. There is no reason why you cannot use a password manager, and no, using a shared clipboard is not a good idea from an InfoSec DLP perspective. You'd typically have a service for that.
As far as the rest here, I think it's you that's mixing up knowing what can and can't be done. Have you actually ever used a government client to connect to a government server?
Oh yes, hence I was able to quote the guidelines and relevant agencies. Done that across the US, UK, and EU at every impact level.
 
I wish I could use it for my garage, I just don't wanna spend that money on a bridge. HomeKit is invaluable, I do the same. Ultra looks great but I just have an S7 and don't feel like there's anything I need. I am crippled and so deep sea dives and hiking are not in my future. Would love the battery life tho
I'm lucky, my garage opener came with the bridge and app. I'm also disabled, so I understand the problems you face, at least some of it! Deep sea dives or hiking are also not in my future!

Battery life would be better with an e-ink display, I don't know why someone doesn't come out with a full featured smart watch with an e-ink display. I'd buy it in a minute.
 
Imagine if the Apple Watch had a touch screen and a number pad, this would all be resolved.
Then talk to Apple. They don't let you interactively input to respond to a notification, only choose one of four pre-defined responses.

That's aside from so many other features that would be missing like context information and device registration to support password-less authentication.
 
Sounds like a bad setup and implementation. There is no reason why you cannot use a password manager, and no, using a shared clipboard is not a good idea from an InfoSec DLP perspective. You'd typically have a service for that.

Oh yes, hence I was able to quote the guidelines and relevant agencies. Done that across the US, UK, and EU at every impact level.
Those agencies I'm referring to make up over 80% of all government employees, so the entire government practically has a bad setup and implementation (which I would not argue with). I see no reason why you cannot use a password manager myself, but I'm not writing the policies. You didn't quote any guidelines as far as I can tell, you just named a couple of agencies. The closest I can find to any agency using a password manager is KeePass at GSA, but I can't tell if that's for use on government machines. If you're familiar with Zero Trust environments, and you've seen NIST 800-207, there is an entry from November 10th, 2022 (just 33 days ago) which is one of the first times I've ever seen password managers brought up. And this doesn't necessarily refer to government furnished equipment.

I'd refer to my own internal cyber security but raising questions about this may put me in the hot seat.
 
Then talk to Apple. They don't let you interactively input to respond to a notification, only choose one of four pre-defined responses.

That's aside from so many other features that would be missing like context information and device registration to support password-less authentication.

The app currently is only sending interactions to the app on the phone, which is why App Lock breaks functionality. Notifications allow you to click and "open the app", where is the issue with opening the app which prompts for the numbers? Anything else already functions this way, not sure what context information and device registration is needed beyond what is already there.
 
It's really disappointing that the Apple Watch is actually losing functionality over time...
 
Man I HATE Microsoft. They are as bad as Google when it comes to canceling stuff.

I use this feature every day as I manage our Azure/O365 corporate tenant and we strictly enforce MFA.
I feel so sad for you that you will now have to pull out your phone to authenticate.
 
Could you install any password manager yourself? Or did you need to get approval and have it pushed to your machine?
I was able to install it myself.

I've been working in government since the .com bubble burst, from the inside and the outside, and despite my very privileged access I would be risking my job if I were to install a password manager. Regular users in my agency would be unable to install these whatsoever. Contractors connecting to remote machines would be completely SOL, and this applies to over 40 agencies that I've worked for in every sector of government. Calling it unreasonable to expect users to remember unique passwords when this is literally the standard RIGHT NOW seems like serious hyperbole.

I'm aware that password managers themselves have existed...I've been using them where I can since as long as I can remember...but certainly not on government machines or GFE smartphones. I've been reviewing NIST's, CISA's, and DISA's documentation on this and I see nothing regarding password manager use in government. Is there something you can point to?

The reason I referred to 10 years ago is because that's when the guidance to use passphrase style passwords came out - because people were still generating their own.
I think you are confusing policies on installing outside software with outlawing of password managers. Again, it's not reasonable to expect tens of thousands of people to remember multiple random 15 character passwords without writing them down.

Those agencies I'm referring to make up over 80% of all government employees, so the entire government practically has a bad setup and implementation (which I would not argue with). I see no reason why you cannot use a password manager myself, but I'm not writing the policies. You didn't quote any guidelines as far as I can tell, you just named a couple of agencies. The closest I can find to any agency using a password manager is KeePass at GSA, but I can't tell if that's for use on government machines. If you're familiar with Zero Trust environments, and you've seen NIST 800-207, there is an entry from November 10th, 2022 (just 33 days ago) which is one of the first times I've ever seen password managers brought up. And this doesn't necessarily refer to government furnished equipment.

I'd refer to my own internal cyber security but raising questions about this may put me in the hot seat.
The idea that you've worked with enough companies to represent 80% of government employees is not reasonable. Maybe you are only referring to the US federal government.
 
I'm lucky, my garage opener came with the bridge and app. I'm also disabled, so I understand the problems you face, at least some of it! Deep sea dives or hiking are also not in my future!

Battery life would be better with an e-ink display, I don't know why someone doesn't come out with a full featured smart watch with an e-ink display. I'd buy it in a minute.
Didn't Pebble use e-Ink? I loved Pebble.
 
I installed it but it rarely if ever worked for me. Typical M$ quality software on your wrist!
 
Because the quantity of apps means nothing?

Exactly. It was a mistake for the App Store to rush to have "1 million apps" when over 900,000 of those are no good for various reasons.

From what I hear, Apple could do a lot to make Watch development better. But not every website needs to be an app, and not every app needs to go on the watch.

Still don't understand Microsoft's reasoning with this, though.
 
Microsoft, like Google seems to have a scrambled and inconsistent strategy across many products. Any serious Apple Developer with resources as large as Microsoft should embrace the iOS / WatchOS, etc. APIs and be an example for other smaller developers. Embarrassing for a company with soft in its name.
 