Microsoft also has this cool thing where if someone fails to get into your account too many times, your account can get locked and you are asked to reset your password. For a working password.

Even after changing my password, I couldn't log in to my email on my phone, so I just gave up. I only use that email for a handful of things anyway.

reply
Their enterprise account system (Active Directory or whatever it's called) also has an awesome bug where if you accidentally reload the page during password reset, the link will no longer be valid, but your old password will already be invalidated. So you won't be able to log in at all until IT staff manually changes your password.
reply
> The default sign in flow with the app enabled is email + authenticator. No password required

Isn't this only if the browser has some cookie from a previous session or the IP didn't change?

Edit: just tried (new IP + private window Firefox), you are right, I can enter email and select app notification.

reply
I've been getting this too, authenticator prompts saying "logged in" and asking for confirmation, but no history whatsoever when I went to security to check.

It freaked me out the first time, I went through all the security settings I could find, but it was as if it never happened.

I just ignored it the second time, but it's a bit unsettling, because the default authenticator flow also has the chance of accidentally hitting the right number.

reply
Is that because it’s two digits?
reply
No, because the default is to present you 3 numbers and ask you which your number is!

1 in 3 and easy to hit by mistake.

reply
Shouldn't there be a button like "I didn't request this" or something? Why would you hit one of the buttons if you know the request is bogus?
reply
You've never hit the wrong button by mistake on a phone touchscreen?

I can only envy your adroitness.

reply
That's insane.
reply
I also had this starting a few months back. I changed the email address (really, just an alias to the same mailbox as before) and the notifications stopped.
reply
It is the same company that wants to stop SMS 2FA to force you to use their shitty authenticator app.
reply
SMS 2FA is the worst factor because of how insecure and phishable the phone network is; it deserves to die out where possible.
reply
But they could allow other 2FA apps, but they force their shitty one.
reply