Microsoft warns Authenticator will block rooted Android and jailbroken iOS, verify if your phone is affected.
microsoft truly hates productivity in the workplace
Submitted 21 hours ago by BrikoX@lemmy.zip to technology@lemmy.zip
I can guarantee this will be a hilarious shitstorm of false positives wasting IT departments' time, because their detection of it is massively flawed.
At least once a month my - completely stock, and un-rooted - phone tells me I can't use Outlook/Teams because of root. Every time, a reboot is required to resolve this. On one occasion, TWO reboots.
Ignoring whatever reason Microsoft think they're blocking this for, it's going to regularly block regular users, who are not going to stand for it.
Fuck all these totalitarian corpos.
sure, but you shouldn’t be rooting Android any more than you should be running Linux on a root user.
That’s not what ‘rooting’ means.
You aren’t running as root on rooted Android. Try it sometime.
Rooting is a scary word they use to describe everything that hasn’t been approved by google, specifically its “play integrity” feature. And “play integrity” feature is a totalitarian shit.
I don’t use my account for email anymore or use Windows very often but I just changed the two factor authenticator to Aegis. They make the text to use an alternative authenticator app tiny blue hyperlink text but you can do it confirmed.
They’re somehow trying to eliminate everything they cannot control, funny
It may be painful but a switch to Ente Auth or similar is a must
Yeah that’s my choice too bc it offers access from my desktop browser too, not just the mobile app. Tying accounts to a single device makes me uncomfortable.
Yubikey.
They’re not mutually exclusive. Yubikey is great for passkeys and Ente Auth is great for 2FA.
I do keep looking at this, but then stick with Ente Auth for no better reason than no issues so far. Will look again
This is gonna cause some fun at work. I know our IT team would not be on top of this until one day a portion of employees can’t SSO in. Then mayhem will ensue over who’s causing the biggest hassle by digging in heels.
Your company should be issuing devices if employees need to use apps like that. IT issued equipment shouldn’t be jailbroken or rooted, it should be managed via MDM.
Otherwise they deserve it for trying to cut corners by having employees use personal devices. If they’re doing that, they’re almost certainly not paying for the work use of those devices either.
There are a couple Android ports of KeePass. They are open source and won’t care if your phone is rooted.
Does it even support OTP?
Just use github.com/beemdevelopment/Aegis on Android.
Yes, both KeePassDX and KeePass2Android support TOTP.
KeePassDX Android does. Been using it for a while now.
Why the fuck would you use a personal phone for work?
Get some cheap alternative and put the authenticator on that phone and say that is your main phone.
2FA is not just for work.
Sure but you can use your own choice of 2FA software for your own stuff
Yeah but that’s the worst app to use if you have a choice. There are a dozen better options.
I won’t use my personal phone for anything work related except authentication. Since it sits in its own little jail, it’s fine.
I work all over the world and remote in. I have no other work related devices or equipment.
I look at it as a key card from the old days when I had to go into a building. I think that is a pretty trivial use case and doesn’t need them to provide a phone, and in fact I absolutely would not want a device owned by anyone else that I carried around. That is FAR worse.
That said, this change sucks as I will now need to get around this bullshit. But that is doable.
you don’t just use authenticator for work. anybody who plays Minecraft uses it.
uh no? you can set up any number of mfa methods for a Microsoft account…
Better yet, if your work requires you to have Microsoft Authenticator, tell them that they need to provide you with a device capable of using it.
Instead of spending your own money on a burner phone just for that, make your work pay for it.
How does the tool actually check for this?
Does it just use the Play Integrity API, or does it use some kind of other attestation check?
The need for full root privilege has fallen by the wayside assuming you can trust the OS running on the device. I don’t hate this change if I can run a custom ROM that will report that the user does not have root privilege and that the OS has not been modified since boot.
Probably Play Integrity, since it’s still working on my phone with the Play Integrity Fix Magisk module installed.
Any app can tell if it has root privileges.
Because, obviously, you can’t be a real person if you don’t let the corpos control your device.
Guess I need to get off of it faster now.
You can jailbreak iOS?
yep. it’s sort of dead right now but not completely. in fact, a new bootrom exploit for Xs/11 era devices got released recently, and 11 is still getting supported on latest iOS 27.
Glad I don’t use their app then.
Wizard_Pope@lemmy.world 21 hours ago
Why would you use Microsoft Authenticator anyway?
BCsven@lemmy.ca 2 hours ago
I had a yubikey as my hardware authentication, then a coworker’s email got hacked so IT moved us all to Microsoft authenticator, so now I have a less secure login method LOL
skooma_king@piefed.social 21 hours ago
Work
Korhaka@sopuli.xyz 20 hours ago
I don’t really mind using shit software on work devices. Yes it’s slow and inefficient, I spent half an hour today on Windows doing what would be a very short command on Linux. Fuck it, get paid the same. I just use Linux at home in my own time.
artyom@piefed.social 20 hours ago
You don’t need it for work. You can use any authenticator.
Wizard_Pope@lemmy.world 20 hours ago
You can use other authenticators. I use Ente Auth for my Microsoft account
timewarp@lemmy.world 18 hours ago
Then stop working for retards who support Nazis
blargh513@sh.itjust.works 13 hours ago
Some organizations require authenticator; they don’t just use it for MFA codes, it goes deeper than that.
Also, most large enterprises fall for the stupid Microsoft trap. They buy enterprise licensing in bulk (E3, E5, whatever) and bosses who have no brains will say “well, let’s use more microsoft products since they’re ‘free’”. The trap is that, yes, your enterprise license agreement includes entitlements to a lot of their stuff, but they nickel and dime you on stupid shit like the storage so you can keep the logging and telemetry data you typically need for security, troubleshooting and some audit requirements.
I can’t imagine ever using any of their shit beyond Office products. Their security software is crap compared to most offerings, they still seem to think that networks are bad so we should do as little as possible about them. Azure is just a completely uncontrollable money drain (by design) that is damn near impossible to secure properly once you give developers enough access to actually do their jobs.
I’ve been working in security for a long time now and they continue to be such a fucking liability and drain on money at every turn. If I ran the zoo, I would switch the entire enterprise to Linux and find just about any other collaboration suite to use.
Fuck Excel and fuck you if all you do with it is make lists. Fuck powerpoint and fuck every boss who is too dumb to read and only can accept information when it is spoon fed to them in a deck. Word is OK, but nobody reads anymore so what’s the point?
ThunderLegend@sh.itjust.works 9 hours ago
I had to use it for my work. They required MS authenticator. I think it’s bullshit and tried to export my 2fa to bitwarden. I couldn’t. And to add another 2fa method I need to call support so I gave it up.
79WistfulVista@lemmy.zip 2 hours ago
They don’t let you use mysignins.microsoft.com to replace/add MFA methods? That site was very useful at my last employer, as I was switching phones often.
Prove_your_argument@piefed.social 21 hours ago
This change is really more about enterprise use cases. If you take DLP seriously you need to make sure the integrity of the controls on work provided devices are intact.
Nothing stops someone taking a photo of another screen. It’s not a panacea. It’s just one more hurdle.
lyralycan@sh.itjust.works 21 hours ago
Yup, I use Aegis, and found a strange little trick with Bitwarden Authenticator where I can import them into the main app (the Vaultwarden server). I know keeping all my power in one place defeats the purpose of 2FA but you know, I trust Vaultwarden, and myself to keep it secure, implicitly.
Tollana1234567@lemmy.today 14 hours ago
people likely using workday as for a job probably, or any app that uses MS.
AlecSadler@lemmy.dbzer0.com 12 hours ago
Ugh, fuck workday