Authenticators

The Microsoft authenticator asks to use the Microsoft authenticator to sign in. There is no joke here, but if there were, that would be the punchline. While setting up the Microsoft authenticator on my Android phone, the authenticator demanded I use the authenticator that I was setting up to authenticate my identity. To be fair, the Google authenticator would have done the same thing if I had added my Microsoft account to it instead of setting up the Microsoft authenticator, but that isn’t where this article started. It started with Microsoft software insisting I turn myself inside out in order to find my own skin.

This is a lot like using your Google voice phone number as part of your two-step verification process. You can’t two-step verify if your second verification is behind a firewall that requires the second step to penetrate. There is a workaround for the Google voice number problem, however there is no way to authenticate the authenticators unless you have two phones with one phone already authenticated. This is because you can’t get the Microsoft authenticator on a Windows desktop installation (Google? Mozilla? The ball is in your court.) It is only available for Android and iPhone.

I’m stuck in this predicament because I was trying to troubleshoot software issues on my Motorola phone. I’ve recently become addicted to Looney Tunes: World of Mayhem, but it crashes all the time. All the time as in about four screen changes to the next crash, crashes all the time. Maddeningly frequent. In an effort to see what was causing the problem I reset the phone to factory specs and then preformatted the SD card as part of the phone’s internal memory, a step I had neglected to perform previously, then activated applications until I started noticing the crash issue again. The cause of the crashes? My malware protection application appears to interfere with the wifi calls within the game program, and I’m not about to turn off my anti-malware application. So no fix on that score, but the phone does appear to function more predictably for other programs, so worth the trouble of going back and setting it up properly.

Or at least I thought that way until starting to reactivate some of the less frequently used Android applications. The Facebook and Twitter apps tw0-step verification worked just fine. Annoying but doable because I hadn’t switched them to using an external authenticator (luckily) If I had made an authenticator my second step to log in, then I would have immediately discovered this problem when I tried to log into those applications. The Steam mobile application is almost that bad. It at least gives you an option for hey dumbass this is the authenticator in question. Deauthorize it. I only used the Microsoft authenticator for Microsoft, and today I notice that I’m not signed into Bing.

Why do you need to be signed into Bing?

I’m glad you asked that question. Pull up a chair, it’s a long story. Today’s Windows spotlight image was of a very beautiful series of fields in Japan, but this is also the day when Microsoft doesn’t link the spotlight image as part of the splash screen display, a clickable link that allows you to look for versions of the specific image shown. Allows you to look for versions of the image that can be shared, or allows you to research the location as an educational effort or a possible travel destination. Bing is where the links on the splash screen go to, and I wondered if logging into Bing might give me different search results.

So I tried logging into Bing. Bing promptly demanded that I approve the Microsoft login from my authenticator app. I open the app on my phone, it doesn’t know it’s the authenticator for my phone and my Microsoft account. The authenticator wants me to authenticate on the authenticator that is being authenticated. Now the loop is complete. But it isn’t just Microsoft’s loop, it is Google’s authenticator loop as well. This would have been a problem if (will be a problem when) I discover that I used the authenticator for another program (fingers crossed) I’m not sure what good a mobile authenticator is if I have to go through this much trouble just to get them to work properly.

My Blizzard authenticator is a fob that I’ve managed not to lose for ten years. It still works ten years later and as long as I don’t lose it (fingers crossed) it’ll safeguard my Blizzard account without causing me to turn myself inside out trying to troubleshoot the problem. More than can be said for mobile authenticators.

If you lose your mobile device or (like me) reset your device to factory specs and reinstall all your apps from the Google backup you will have to re-authorize all your authenticators (at least, all of them that I’ve run across so far) If you use the Google authenticator for your Google account as part of your two-step verification, you will lose the ability to open your Google account. More importantly, you will lose access to any other account that relies on it as part of its two-step verification process. This is also true of the Microsoft authenticator.

So, how do you avoid the authenticator loop? Well, Microsoft allows you to remove the authenticator from your Microsoft account after you log into it with a browser. You will have to remember your password and be able to get a second verification by email or SMS if you have two-step verification set up. You can then follow the process for installing the authenticator again as if it was a new installation. You can also use the Google authenticator and add your Microsoft account to that authenticator if you like.

The authenticator is the second application whose data I have had to restore externally, the other one was my medical ID program containing personal data that I hadn’t saved anywhere else. Luckily I had shared the data directly with several physicians, professionals who happily gave me my own data back after I realized I had lost my only copy (now backed up externally) there is no way to transfer the authenticator security tokens to a new phone as of this writing. I’m just glad I never relied on the Google authenticator for my Google account. If you have done this, here is how you turn two-step verification back off. You’ll notice that the first thing you have to do is gain access to your Google account. So if you’ve already lost access to your account, you have my sympathy. I wish I had answers for you.

So what have we learned here? Well, I’ve discovering that mobile authenticators are almost more trouble than they are worth, and that’s three things I learned from resetting my phone to factory specs. I guess it was worth the trouble after all. Still wish I could get that game to stop crashing.

Leave a Reply

Your email address will not be published. Required fields are marked *