I’m pretty security minded when it comes to my internet accounts. If there is a two-factor authentication option I immediately sign up. If I can opt for an authentication app instead of sms (vulnerable to hacks) I do so right away and take out my phone number as an option. If I can use a Yubikey or device authentication, it’s activated. So when Microsoft offered passwordless accounts I figured, why not give it a try. The caveat is that you have to use Microsoft Authenticator. I first tried it out maybe a year ago and then I had to erase my iPhone for some reason and immediately got locked out of my account. I managed to get back into it and turn off the passwordless option and stick with standard 2FA.
But like Charlie Brown, with a compulsion to believe that Lucy will hold that football for him to kick, I read that they now offer iCloud backup and also syncs across devices (you don’t have to scan all your QR codes twice). So what the hell? Let’s give it another shot. Downloaded MA, made my main Microsoft account passwordless. Tried to set up my second account but was not able to sign in to it. I kept being prompted to use Microsoft Authenticator to verify the account (But it’s not set up yet?!). Waited to confirm the number on my screen with the app on my iPhone but the app never prompted me to verify. Tried to use email to verify but to no avail. My Yubikey apparently doesn’t work with that account anymore either. It’s as good as dead.
Ok fine, Let me scan some QR codes for my other accounts, and see if they will also sync to the app on my iPad. Nope, not showing up. Looked through Microsoft support page and found no help whatsoever as to why the app isn’t syncing across devices, even though it claims it does. Was getting ready to delete the app (but first let me remove those qr codes), when I decided to delete the app and reinstall it and see if there is a restore from backup option.
Luckily there is and now the codes are on the iPad; albeit, the ones that weren’t already deleted when I grew frustrated with this app. Wish I had known that and didn’t have to play guess work (should’ve been in the Microsoft support page but there is no troubleshooting to be found). Silly me for not thinking that far ahead when it didn’t sync to begin with.
Is Microsoft Authenticator really worth all this trouble just to keep my Microsoft account passwordless? I was fine with 2FA, and that’s the current standard for online accounts. I definitely am looking forward when you can use 1Password or Safari for passwordless sign-in to my other accounts; provided that those sites use the new FIDO protocols. And that’s just it. Once again I went and tried to fix something that was already working. I already use 1Password and 2FA. I’m currently also playing around with Safari as my default browser and using my Face ID/Touch ID to sign in automatically and see how that fares against 1Password. I also use OTP auth for my one-time 6-digit passcodes (though I have also dabbled with 1Password and Safari automatically doing that instead).
I should’ve just stuck to what is already working for me. Using Microsoft Authenticator for one account is pointless. I think this second go around has burned me enough that I won’t attempt it again.