Well that sucks big time. Always worked flawlessly for me and has been my preferred way to authenticate and the primary reason for using Authenticator over any other keygen solution. So for me this means I’ll probably drop Microsoft Authenticator now.
 
It's really disappointing that the Apple Watch is actually losing functionality over time...

Yeah, and with Apple apparently (assuming this is accurate - https://watchesoff5th.com/pages/biggest-watch-brands-by-sales) being the second biggest luxury watch brand as ranked by global sales, second only to Omega, ahead of Rolex and 2.5x the sales of Swatch, I just don’t understand why the world of third party Apple Watch apps seem to be going backwards.

It’s not just Microsoft. Off the top of my head, based on apps I miss, Uber discontinued its Watch app as did Evernote (although for a while Evernote kept promising to bring it back, I’m not sure what the latest is now) and my UK bank, one of the biggest in the U.K. (NatWest), also once had a Watch app but no longer does.

Is it that so few Apple Watch users ever install any third party apps? Are the Apple developer tools not so great for Watch so it is disproportionately hard to develop and maintain a Watch app? Something else?
 
This is likely due to Microsoft introducing number matching to ward off MFA fatigue attacks:


Probably not worth the dev time or finding a suitable way for this to work on the watch app - not enough take-up to be worth it I guess.
 
I was able to install it myself.


I think you are confusing policies with installing outside software with outlawing of password managers. Again, it's not reasonable to expect 10s of thousands of people to remember multiple random 15 character passwords without writing them down.


The idea that you've worked with enough companies to represent 80% of government employees is not reasonable. Maybe you are only referring to the US federal government.
If you were able to install it yourself, then I have a hard time believing this was the US federal government, and yes that's what I'm referring to (14 million employees). I guess it's me calling bull**** now.

I'm not confusing anything with anything. The policy is that you cannot use password managers, AND that you cannot install anything yourself even if you did get special approval for a password manager - and this applies everywhere I have ever been. I've also never worked anywhere, commercial or otherwise, where you weren't expected to remember your passwords.
 
If you were able to install it yourself, then I have a hard time believing this was the US federal government, and yes that's what I'm referring to (14 million employees). I guess it's me calling bull**** now.
I never said it was federal government. And you never specified federal government.

I'm not confusing anything with anything. The policy is that you cannot use password managers, AND that you cannot install anything yourself even if you did get special approval for a password manager - and this applies everywhere I have ever been. I've also never worked anywhere, commercial or otherwise, where you weren't expected to remember your passwords.
A quick web search reveals GSA approved password managers.


So to be clear, your original claim that "No government organization allows the use of a password manager, period." is obviously wrong based on my experience in a state government organization, common sense, and a quick web search.

And your revised claim that US federal government policy "is that you cannot use password managers" is also easily refuted by a quick web search.
 
If you were able to install it yourself, then I have a hard time believing this was the US federal government, and yes that's what I'm referring to (14 million employees). I guess it's me calling bull**** now.

I'm not confusing anything with anything. The policy is that you cannot use password managers, AND that you cannot install anything yourself even if you did get special approval for a password manager - and this applies everywhere I have ever been. I've also never worked anywhere, commercial or otherwise, where you weren't expected to remember your passwords.
Well you clearly don't have much experience then; as I said before GSA, NIST, NCSC, ENISA, all recommend it. OWASP, Cyber Essentials compliance at all impact levels is as good as impossible to implement without it without excluding controls. Sure I believe wholly that there are some government departments who don't provide this for whatever reason, but that is not how this started. You very clearly and unambiguously stated that this is not allowed. Well on the contrary, it is recommended to implement.

What we agree on is that the build should be controlled for most and I find it very odd as well that anyone is allowed (beyond controlled environments) to install their own software. Again, that would go against the same recommendations for a secure build.

But not being able to install your own version, a particular department or agency not having any, and the statement that password management software is not allowed in government are not the same thing.
 
I never said it was federal government. And you never specified federal government.


A quick web search reveals GSA approved password managers.


So to be clear, your original claim that "No government organization allows the use of a password manager, period." is obviously wrong based on my experience in a state government organization, common sense, and a quick web search.

And your revised claim that US federal government policy "is that you cannot use password managers" is also easily refuted by a quick web search.

You literally just showed what I referred to earlier, I already addressed that GSA list...
 
Well you clearly don't have much experience then; as I said before GSA, NIST, NCSC, ENISA, all recommend it. OWASP, Cyber Essentials compliance at all impact levels is as good as impossible to implement without it without excluding controls. Sure I believe wholly that there are some government departments who don't provide this for whatever reason, but that is not how this started. You very clearly and unambiguously stated that this is not allowed. Well on the contrary, it is recommended to implement.

What we agree on is that the build should be controlled for most and I find it very odd as well that anyone is allowed (beyond controlled environments) to install their own software. Again, that would go against the same recommendations for a secure build.

But not being able to install your own version, a particular department or agency not having any, and the statement that password management software is not allowed in government are not the same thing.

Can I ask why virtually every comment you make starts off by trying to insult the experience or credibility of the person you're speaking to? You have claimed a bunch of non-security organizations recommend it... Even civilian federal agencies follow the guidance of DISA when it comes to security. I was trying to glean information from the both of you to help my own crusade to push this into use - which I have done before with other product types.

This all started by me claiming that there are millions of us that cannot use password managers, let alone jumping from machine to machine, in our daily jobs. You were quickly hung up on the government part of it and you're both right that I should have specified US federal government - nothing else can even be spoken to with any sort of authority as every state government I've seen has its own rules, and beyond that even worse.

We haven't agreed or disagreed on any of this, I'm not arguing against password managers. I told you that they cannot replace this functionality in the role of millions of engineers, to which you said that I must not know that I actually could. I've told you that I've never worked anywhere where you weren't expected to remember passwords, to which you replied that I must not have much experience. Do you not see the very narrow line you're trying to walk with this discussion? I've worked for the big tech companies, I've worked in the .com industry, I've worked for government, I've consulted to the military, worked in banking, worked in the legal community, all in the role of an enterprise infrastructure engineer or architect. Not once, anywhere, did someone say, "Hey, create a password then store it in our password manager". You might be seeing that somewhere recently as I've been holed up in the government since before the pandemic, but let me assure you that we aren't there yet. And if I were to make a silly claim about it being unreasonable to expect me to remember these things when every document out there even describes how to remember them...I'd be laughed at.
 
Skype was another app which used to have watch support... Authenticator worked well for me and the convenience of approving from the wrist will be missed! Duo also worked fine, MobilePASS+ not so much...
 
I don't think you have described the notifications correctly. In my experience, notifications always show up on my phone. If you are actively using the phone, they only show up on the phone. If you are not using the phone, they also show up on the watch. Makes sense to me.

Sure, if you're actively using one or the other the notifications work great. For the rest of the day, it doesn't.

Phone's on the table next to you while you're wearing a coat that covers your watch? Notification goes to your watch where you can't see it.

Put your phone down and look away without locking it? Notification goes to your phone.

Both come up multiple times per day. I probably miss an important notification once a week.

The Apple Watch was supposed to reduce how much I missed such notifications. Certainly it helps me catch some. But it also makes me miss some, for absolutely no reason at all other than Apple's arbitrary rules that cannot be changed.

Sideloading with iOS 17 can't come soon enough - I'm hoping we get a TinkerTool equivalent on day one, to go and change all the preferences that Apple engineers created but never exposed through the UI.
 
The Microsoft watch authenticator app never worked for me. It does not allow authentication number entry on the watch. It wastes more space on my watch than anything.
 
Same. I probably use this more than any other tool throughout my entire day - signing in over and over again into different powershell modules. All this is going to do is force me to find another method of authentication with the watch.
I was in that bandwagon, a quick watch notification to approve and bam, done, it was great.

Then my company decided to update some setting and ask for a 2 digit number along with the notification approval, rendered the Watch app just for displaying an “open in your phone” message of sorts 😡. I don’t know what’s so difficult about displaying the 0-9 full screen keyboard like the one shown when unlocking the watch itself.

And now this news, instead of fixing it it’s being killed… and the worst part, all of this ordeal I use to login on many services but one of which is MS Teams on the Mac: the cpu and memory sinkhole of one of the worst chatting apps in existence. Which also sucks-in keyboard shortcuts from other apps if not minimized on my side.
This brings hating Microsoft to an Inception style layering.
 
No government organization allows the use of a password manager, period. Shell support is not going to work in this scenario.

Not sure where in the world you are but in the USA the GSA, CISA and NIST begs to differ, in the UK the NCSC begs to differ, in the EU ENISA/CSIRT begs to differ. You couldn't possibly create secure, unique passwords if you don't. I'm sorry but I'm calling bull ****.

Can I ask why virtually every comment you make starts off by trying to insult the experience or credibility of the person you're speaking to? You have claimed a bunch of non-security organizations recommend it... Even civilian federal agencies follow the guidance of DISA when it comes to security. I was trying to glean information from the both of you to help my own crusade to push this into use - which I have done before with other product types.
And then you go again, and that is the reason I respond as I do. For your benefit I've quoted the previous posts as it seems there is some short-term memory loss. Yes, I didn't quote DISA, guess what I already include CISA and NIST in the original responses. My sincere apologies, I didn't quote the full list of every agency. But seriously dude, CISA, NIST, NCSC, ENISA are not non-security organizations. They are some examples of organizations totally related to cybersecurity, investigations, and standards.

Sure, there is the other connotation of security organizations, but it would be stupid to actually discuss that online. And considering you've totally missed the non-damaging clues, I doubt there would have been a real conversation anyway.
This all started by me claiming that there are millions of us that cannot use password managers, let alone jumping from machine to machine, in our daily jobs. You were quickly hung up on the government part of it and you're both right that I should have specified US federal government - nothing else can even be spoken to with any sort of authority as every state government I've seen has its own rules, and beyond that even worse.
And you continue digging that hole, for your benefit I've included what you actually said. Limiting to the US Federal government makes no difference, that is just a red herring. The guidance from GSA, CISA, NIST, NCSC, ENISA is no different and does not exclude that.
We haven't agreed or disagreed on any of this, I'm not arguing against password managers. I told you that they cannot replace this functionality in the role of millions of engineers, to which you said that I must not know that I actually could. I've told you that I've never worked anywhere where you weren't expected to remember passwords, to which you replied that I must not have much experience. Do you not see the very narrow line you're trying to walk with this discussion? I've worked for the big tech companies, I've worked in the .com industry, I've worked for government, I've consulted to the military, worked in banking, worked in the legal community, all in the role of an enterprise infrastructure engineer or architect. Not once, anywhere, did someone say, "Hey, create a password then store it in our password manager". You might be seeing that somewhere recently as I've been holed up in the government since before the pandemic, but let me assure you that we aren't there yet. And if I were to make a silly claim about it being unreasonable to expect me to remember these things when every document out there even describes how to remember them...I'd be laughed at.
And yes, some of us have been doing this even before there were consumer grade password managers. Even the good old IBM VM Mainframe had it built in.

And as I mentioned before, I believe you if you say you've never used it, it doesn't even surprise me. Scares the living daylight out of me from a data sharing perspective that there are still so many who don't use best practices. But to say “No government organization allows the use of a password manager, period” (which is what started this now rather boring exchange) is just plain wrong.
 
This is likely due to Microsoft introducing number matching to ward off MFA fatigue attacks:


Probably not worth the dev time or finding a suitable way for this to work on the watch app - not enough take-up to be worth it I guess.

From reading this thread it seems the issue is Apple not implementing the ability to enter in numbers on the AW during an authentication. I'm assuming Microsoft has attempted to address this directly with Apple? Since this just increases security I'd be very surprised if Apple refuses to fix this.
 
Sure, if you're actively using one or the other the notifications work great. For the rest of the day, it doesn't.
If you're not actively using either, then it is delivered to both. I don't see the problem.

Phone's on the table next to you while you're wearing a coat that covers your watch? Notification goes to your watch where you can't see it.
It also goes to your phone.

Put your phone down and look away without locking it? Notification goes to your phone.
Yep, but I see that as a fringe case. Why would you consistently leave your phone unlocked while not using it?

The Apple Watch was supposed to reduce how much I missed such notifications. Certainly it helps me catch some. But it also makes me miss some, for absolutely no reason at all other than Apple's arbitrary rules that cannot be changed.
Again, it's only additive. All notifications are still delivered to your phone.

Sideloading with iOS 17 can't come soon enough - I'm hoping we get a TinkerTool equivalent on day one, to go and change all the preferences that Apple engineers created but never exposed through the UI.
I've always said copyright infringement is the number one reason that people want sideloading. :)
 
I use Oracle authenticator, it doesn't have a watch app as it uses some additional features probably like MS case. But it does have the copy button next to the number where continuity can just paste the OTP on Mac. If Apple Watch doesn't keep up with NIST guidelines others will probably start to peel their apps away because compromising is not an option. Being able to verify personal input is one guideline.
 
I've always said copyright infringement is the number one reason that people want sideloading. :)
What? I want sideloading so I can develop and distribute free apps.

There's an endless world of awesome free apps on literally every platform, except one - iOS.

Apps on iOS are never awesome and free. They're either scams, adware, or they cost money, or they suck. The reason why is because of Apple's whole gatekeeper process - they lack any system for putting FOSS on the app store. Because they have no interest in FOSS. They want to collect money on literally every little thing that happens on iOS.

TinkerTool is one such awesome free app (although it's not open source - not sure why). What about that is "copyright infringement"?
 