Earlier this month, Alex Weinert, the Director of Identity Security at a little company called Microsoft, published a blog post begging us to stop using SMS as the second factor for MFA. I’m an MFA kind of guy, I live the MFA lifestyle, and I’m on board with that. As the majority of the accounts I use can use the Microsoft Authenticator app, that’s what I use the most. Other companies, like Google, also have authenticator apps. I’m sure they’re fine and well loved by their friends and families.
Over the last few months I’ve moved most, if not all, of the apps and sites I can to MFA using the Microsoft Authenticator app and I’ve picked up a few tricks along the way. I thought I’d blog a few of them in case they help anyone else. Keep in mind this blog post was written in November of 2020 and the version of the app I’m using is 6.2010.7266 on Android.
Use Microsoft Your Phone
My first tip for using Microsoft Authenticator is not about using Microsoft Authenticator at all. It’s about using a Windows 10 feature called “Your Phone.” This feature, along with an app running on your phone, allows you to interact with your Android phone on your Windows 10 machine, or machines. I initially started using it to send text messages but it can do so much more. For instance, you can run phone apps on your PC, via screen sharing. One of those apps can be your friend and mine, Microsoft Authenticator. Since web sites (like Microsoft 365) and other services like VPN use codes generated from Microsoft Authenticator, it is handy to have quick access to it on your PC. Here’s what it looks like:
That saves you fumbling with the UI on your phone, but you’d still need to look at your phone to get the code.
For this to really be helpful you also need to change a setting in the app to allow its screen to be captured. Go into Settings and enable Screen Capture:
If you don’t, you’ll see this on your PC when you open Microsoft Authenticator:
When I need to log into my GitHub account I fire up Your Phone on my computer, switch to the Microsoft Authenticator app and type the secret 6 characters in. Now I’m logged into GitHub and ready to cause some trouble.
Show the Codes
By default, when you open Microsoft Authenticator you’re greeted with a list of all of the accounts you’ve registered and you select the one you want to log in to. Authenticator takes you to a screen with the one-time passcode for that account. But all that clicking is sooo much work. I take advantage of the “Show Codes” option, like below.
That shows me all the codes for the accounts that support it. You can see how it looks in the first screenshot. Combining these two techniques my MFA process went from:
- Hunting around for my phone
- Unlocking it (unsuccessfully the first couple of times)
- Finding the Microsoft Authenticator app
- Finding the account I want to log in to
- Clicking it (so much work)
- Typing all six digits into the MFA prompt on my computer
- Collapsing from exhaustion
to:
- Clicking the Microsoft Authenticator app on my Windows 10 Taskbar
- Copying the one-time passcode for the account
- Pasting into the MFA prompt
- There’s no step 4!
Wait, copy and paste the passcode? How’s that again?
Copy and Paste the Passcode
Once you have that set up you can actually copy the passcode from your phone in Windows and paste it into whatever web page or app is asking for it. To take advantage of this magic you need to enable copy and paste in the Your Phone app on Windows 10.
You might have to close the Authenticator app both on your phone and your PC for that to take effect. When you have it working, it’s a thing of beauty. Just copy the passcode with your mouse like you would any other application. There’s no visual indication that it’s copying, but trust me, it is. Go ahead, paste it into Notepad and see for yourself. Cool, huh?
Back Up Your Settings
I recently heard a sad tale of woe from a friend of mine that uses Microsoft Authenticator for all of his MFA needs. Something went wonky on his phone and he lost a bunch of the account settings. He had to go through a lot of work to get it all set back up. That’s when he and I both noticed the handy Backup functionality. Like all the other fun we’ve looked at, it’s in the Settings page of the app. You can read all about it on this Docs Page. But the basic idea is, turn it on. Future you will appreciate your consideration and foresight.
There are a few other fun Authenticator tricks, but these are my favorites. Are you using Authenticator and have tips to share? Put them in the comments below.