Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,954 questions
How to protect MFA configuration if some has password and access to authenticator, from making changes
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 19%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWO%3C/text%3E%3C/svg%3E)
Wesley Oliver
1
Reputation point
Hi,
My question is simple, as havn't yet find the awnser if Microsoft Authenticator application is on its own not an independent application that protects my Microsoft one account and 2FA that it provides and an additional password for all related settings. How do you prevent someone after somehow gaining access to your passwords and the MAuth generator rolling codes.
From basically reconfiguring everything. So, for instance, there is another password that is required to be obtained. Which means only access accounts for which MAuth has generators and knows passwords for other accounts.
One also wants when a phone is stolen, to be easily able to restore the Microsoft authenticator application to a new device and reject the old one, by just using a username and password, not being lockdown to a country mobile operator, which can be totally mission to get have number perfectly ported and take days if that goes wrong, relying too much on other people to slow you down.
The other thing is may place claim that well they encrypt your information with your password, well basically, if someone knows the encryption they using, then they can brute force things as the have all the time in the world, then they have access to all the seeds, so if MS, authy one of them encrypted backups leak in ways still possibility for things being cracked.
If you could please elaborate on the separation of MSAuth and MSoneaccount, to prevent this from happening.
The other thing which is becoming quite apparent is that we all need usb nuclear explosion-proof/fire/water proof, in which one can store all the seed qcodes and basically an appliation that can run them, in case hardward and the rest all changes, it work 100 years from now since self contain access code generator if need be.
Don't want one resetting MSAuth app, from a one account recovery that could be disaterus.
One needs a simple easy backup method and paper is not a create one.
Any recommendations or ideas here.
Trying to find the best solutions, which seem to entail purchasing a fireproof bay.
FIre and things on the same site, kinda make another cellphone pointless.
Probability of not being in the same place or location as all the backups, because then you're in trouble.
Really looking for a more reliable source here.
Also, QRCodes probably not the best thing long term, as standards change, which means the seed information is in a format,
which requires a lot of technical decoding to work it back to something simple.
Look forward to here more information on this.