MS passwordless plans

Topics:
Forums
5
16 Sep, 21
28
5
1

Microsoft's passwordless plans lets users switch to app-based login https://www.bbc.co.uk/news/technology-58575954

Does this mean if you attack the Authenticator app you own all user devices?

1 Comment

16 Sep, 21

It looks like for Microsoft services they aren't using the industry standard time-based OTP generation, and are using a less passive solution. Would be interested in looking into their protocol, if keys can be stolen once can they then be used forever?