UseR-0280 asked

Microsoft Authenticator: turn off passwordless sign in

Hi,

I use Microsoft Outlook webmail (https://outlook.live.com/owa/) and the Microsoft Authenticator app for 2-step authentication.

If you use the Microsoft Authenticator app and want to use cloud backup, you need to add a Microsoft account. I entered my details and all is set up and working correctly.
But now if I sign in to my e-mail account, a notification is sent to my Authenticator app and I am signed in without entering my password. If someone gets my phone and knows my PIN code, that person can sign in to my e-mail account. This is not safe and secure; even my password is more secure. So I want to turn off passwordless sign-in and want to enforce the password and a one-time password code.

I have read many articles about this and some say you need to go to Azure AD, but I and other people don't have Azure AD; we use Microsoft Outlook mail. A second option is the Authenticator app itself: if you select your account you should have an option to disable phone sign-in, but I and many other people with this problem don't have that option in the Authenticator app.
(for picture see https://docs.microsoft.com/en-us/answers/questions/22326/turn-off-passwordless-sign-in-microsoft-authentica.html and scroll down to the end)

So how can I enforce in Microsoft Outlook mail that I want to use my password and one-time password code every time I sign in to my account?


Same as:
https://docs.microsoft.com/en-us/answers/questions/22326/turn-off-passwordless-sign-in-microsoft-authentica.html
https://docs.microsoft.com/en-us/answers/questions/216956/turn-off-passwordless-sign-in-on-microsoft-authent.html
https://social.technet.microsoft.com/Forums/en-US/2c0a3868-a087-4878-a522-1866667e1dd0/how-do-i-disable-passwordless-on-a-microsoft-personal-account-in-authenticator?forum=MicrosoftAuthenticatorApp


Kind regards

microsoft-authenticator

jhueppauff answered

First of all, passwordless is considered more secure than passwords. Your phone is a second factor and under normal circumstances no one should be able to guess your PIN (as the device will lock after wrong attempts) or use your Face ID. Your password, on the other hand, can be tried worldwide, even without your device ;-)
https://www.microsoft.com/en-us/security/business/identity-access-management/passwordless-authentication

But let's not get into a fight about what is more secure ;-)

The articles you mention cover all Azure AD based logins. We are talking about the Microsoft Accounts (live IDs) here.

Can you try this:

Go to your Microsoft Account Page -> Security -> Advanced Security Options -> Remove Login Notifications (I translated those menu points from my language, so they might be named a bit differently)


UseR-0280 answered

@jhueppauff

Thanks for your reply.
I tried that. In English it is 'Send sign-in notification' :) , which you can remove, yes, but then you get the question whether you want to remove the authenticator app:


Remove Microsoft Authenticator app?

Are you sure you want to remove the Microsoft Authenticator app? Removing this method means that you will not be able to use it for sign-in or verification.


That is of course not what I want. :)


Another way, but this way doesn't allow cloud backup for the app, is when you enable two-step verification or you manually add another way to sign in by clicking "Add a new way to sign in or verify" and then select "Use an app". You then get the message:


Set up the Microsoft Authenticator app
Get the Microsoft Authenticator app to sign in with your phone, not your password. Or, set up a different Authenticator app.


By clicking "set up a different Authenticator app." you can scan a QR code and follow the instructions. With this you get a new account verification called "Enter a code from an authenticator app". But again, this doesn't allow cloud backup for the app.
