Outlook.com account MFA concerns


  1. Posts : 864
    Win10
       #1

    Outlook.com account MFA concerns


    I have tested my mother's Outlook.com account using MFA with the MS Authenticator app installed on her mobile.

    What seems to be pointless is that when she attempts to sign in she gets to enter her email address, and what concerns me is that there are also two options to select from: use the MS Authenticator app or use a password to sign in. We selected the password option to sign in and she was signed in to her Outlook email without the use of MFA...

    Can anyone understand the point of this?
    Does not make sense to us at all.

    So what is the point of using MFA if someone can just still login with a password?
    Last edited by win10freak; 23 Feb 2023 at 13:59.


  2. Posts : 705
    W10
       #2

    I can only comment as a customer confronted with 2FA. There are many approaches used.

    - Some organizations require a code with login, sent over landline or GSM.
    - Some time ago Gmail required 2FA. To continue receiving emails on my desktop using Thunderbird, I had to check 2FA and authorization method in the WebUI and to uncheck "only use password". In the settings of Thunderbird I also had to set the authorization method (OAuth2). Maybe to my surprise, for access to the WebUI of Google and Gmail, I still need only a password. On my GSM nothing changes either, and since my password is somehow stored in the app, I have immediate access to my mails. I assume that Gmail uses some profiling method for security.

    In the EU, 2FA is law for financial transactions, including banks and web shops.
    - For Amazon transactions I only need a password. They base themselves not on cookies but on profiling you. The profile contains PC settings, browser settings and video card settings. They compare that with their database, and such a profile offers a unique identification.
    - Banks use various methods to comply with the law. One of my banks uses a simple method. In a 2FA operation they place a cookie in the browser. Transferring money (up to a certain amount) only requires my 5-digit password. It works only with Chromium-based browsers (I use Brave) but cannot be used with my default browser (Firefox), since it deletes cookies after closing.

    The lesson is that there is a variety of methods to use 2FA without the customer being aware of it.


  3. NMI
    Posts : 1,094
    Windows 11 Pro, Version 22H2
       #3

    win10freak said:
    We selected the password option to sign in and she was signed in to her Outlook email without the use of MFA...
    At https://account.microsoft.com/security then Advanced security options does it say, "Two-step verification ON"?
    Last edited by NMI; 24 Feb 2023 at 08:11.


  4. Posts : 175
    Windows 11
       #4

    Even after turning on MFA I think Outlook "knows" that the device and locations where the sign-in originated had been used before. She would be required to enter the MFA credentials if the laptop/phone tried to log in from a different country or if a new device was used.


  5. Posts : 2,360
    Windows 11 Pro (latest update ... forever anal)
       #5

    If Outlook.com 2FA is anything like Gmail, once a device is identified as a legitimate access point for the account user, 2FA is no longer required for future access.

    (Personally I find all 2FA a PITA and a mickey-mouse level of security. If I had anything that required reasonable security or confidentiality, the last method I'd use for email is an account which is accessed through a web browser portal. 2FA is simply public email services assuaging their responsibilities to provide a secure service and give the impression (falsely) that it must be a good secure service.)


  6. Posts : 864
    Win10
    Thread Starter
       #6

    I had done some searching on the internet but came up with these steps below which I think are outdated and old. Because I do not see these Trusted Devices options.

    https://answers.microsoft.com/en-us/...8-5d7ba97d04e3

    Revoke Easy Access to Outlook.com on Trusted Devices

    AND here as well:

    Add or Remove Trusted Devices for Microsoft Account

    And also, I went to the Devices section and it says no devices linked to account.

    Consumer accounts store the authorizations for 1 year.
    Can this be the reason?
    https://answers.microsoft.com/en-us/...0-a51909069ce4
    Last edited by win10freak; 24 Feb 2023 at 14:41.


  7. NMI
    Posts : 1,094
    Windows 11 Pro, Version 22H2
       #7

    Is a Windows PC listed under Ways to prove who you are after signing in at https://account.microsoft.com/security then clicking Advanced security options?

    While you're there, check that page shows "Two-step verification ON".


  8. Posts : 864
    Win10
    Thread Starter
       #8

    2FA is on. But the passwordless option is off.

    But why am I not seeing the Trusted Devices option from those articles that I posted?

    What if I decide to remove a trusted device but I can’t because I don’t see those options? That’s my issue here.


  9. NMI
    Posts : 1,094
    Windows 11 Pro, Version 22H2
       #9

    But:

    NMI said:
    Is a Windows PC listed under Ways to prove who you are after signing in at https://account.microsoft.com/security then clicking Advanced security options?


  10. Posts : 864
    Win10
    Thread Starter
       #10

    All I see is this.

    My main question is this, where is the remove trusted devices at?

    And no one seems to understand this question.


 
