>Using an outlook.com account for e-mails >Random password, only used there >Passwordless login disabled >Occasionally get random 2FA prompts from some idiot in LA What the fuck? Compromised password? >Use a VPN and browser in private mode >Try logging in into my own account >Directly get prompted for 2FA What the fuck has Microsoft been smoking? Why do they allow people prompting for *two*-factor when they not even provided the first factor, being the fucking password.
Anyone else having this problem? How to fix this instead of yelling at Microsoft?
It's not 2FA, it's passwordless login. I hate this fucking board.
Christian Nelson
>Passwordless login disabled Why do they keep pulling this shit then? That seems utterly ridiclousless that you are one tap away from granting people access to your account
Jackson Edwards
Why?
Easton Smith
Not him, but I remember a story from some hack that occurred a few months back >Important admin gets spammed with passwordless notification prompts in the middle of the night >Eventually he confirms one, either by accident or due to lacking critical thinking skills while half asleep >Hacker gets in and steals critical data
Landon Scott
Just use a strong password, dummy. 2FA and other authenticator apps are the stupidest idea to come along since asking what you teachers name was.
Dominic Moore
First, if I have *two*-factor-authentication enabled I expect there to be actually two factors, like every one else does.
Second, on iOS the prompt has the three numbers and "Deny" all in one prompt, not really separated from each other. If you mistap "Deny" and accidently hit the number above, you have a 33.33% chance of accidentally granting an attacker access to your account.
If I want passwordless login, well okay. But if I choose 2FA, I want fucking 2FA and not the same shit. Also, the login information is very coarse like "Login from the United States on Windows".
With that design, I legitimately see that as an attack vector.
Samuel Davis
>Occasionally get random 2FA prompts from some idiot in LA Yeah, then either your cookie or password are compromised, or you fucked up the settings on your account.
John Peterson
Read further down his post, he then verified that microsoft doesn't even ask for the password
Ian Ross
In which case he's fucked his settings if it's doing passwordless, and it would be asking for a password if he didn't have his cookie or whatever so the prompts for the guy in LA mean it's compromised too.
Juan Campbell
>use VPN to change my endpoint node/public IP to somewhere else >WHY I GET LOGIN ALERT FROM SOMEWHERE ELSE!?!?!
2FA being pushed makes perfect sense. How "strong" your password is has been nearly meaningless for a while, no one guesses passwords unless it's something horribly obvious. What happens is people use the same password everywhere, one of those places leaks or they enter their password on a phony site and now all their accounts are an open buffet. 2FA ensures that even if someone gets their password they still can't do shit unless they also steal their phone, which is going to be harder and not worth the effort.
Nicholas Collins
based 2FA explanation, OP is a retard.
Austin Johnson
2FA, passwordless, etc... All these solutions are garbage. Someone needs to invent something that just works with no bullshit.
Brandon Jones
Yes, microsoft has some delusional 2FA implementation sometimes. I blame pajeets and their lack of white man brains. >anime child can't read >TWO FACTOR AUTHENTICATION based retard It's clearly bugged, the passwordless is always on no matter if you turn it on
Juan Thompson
Anyone know exactly what this Pluton thing I'm hearing about is? Is it going to be the end for FOSS?
Wyatt Thomas
Isn't sms based 2fa extremely unsecure? I still havent turned on 2fa for my main accounts like jewgle.
Grayson Perry
It's easily intercepted yes, but I think companies work on the logic that the odds of a hacker both having your password and being near enough to read your sms messages is very low. Google's 2fa uses some inbuilt system, not sms. And most major sites allow you to use an authenticator app in my experience, which doesn't need any kind of external connection to work.
Christian Baker
2FA is just a way to describe that you are using two things instead of one. There's a ton of implementations of it, and different "factors" which can be something you know, something you own, something you have, etc You have a better authentication than both something you know and something you have?
Leo Ortiz
what does fingerprint come in? something you have or something you are?
Gabriel Watson
Immutable something you have and can lose. Its shit.