Microsoft Authenticator to Allow Phone Sign In Without a Password

I don’t know anyone who is crazy about using passwords. Unfortunately, we can’t really live without them. People use passwords in so many places that remembering them becomes a challenge. Luckily, people who use password managers only have to remember one complicated “master” password that allows them to access hundreds of sites without memorizing any of their passwords. Microsoft announced yesterday that it wants the security burden shifted from people’s memory to people’s devices. This is a good thing. This means that people no longer have to memorize their passwords to sign in to their phone. What you will need is Microsoft Authenticator app.

Three-Step Process

The entire sign in process is pretty simple. Microsoft calls it a two-factor authentication, but some people will argue that it’s not quite the same as the two-factor authentication. Whatever the case may be, you can’t deny that it is definitely more secure and convenient way to sign in to your phone. By the way, the app supported the two-factor authentication in the past, the difference is that now you can by-pass the password requirement. You will use the following three steps to sign in without a password.

1. Add account to the Microsoft Authenticator app.
2. Enter username to receive a notification on your phone.
3. Tap “Approve” and you will be logged in without a password.

You can’t use this method to sign in to Windows 10 or other operating systems on your PC, but you can use this method on your smartphone, OneDrive.com, Outlook.com, and Skype.com to sign in.

Microsoft Authenticator Requirements

Before you install Microsoft Authenticator, you should know that it is no different than any other app that you install on your smartphone. So before you start blaming Microsoft why it requires to access to things that don’t seem to even remotely be related to what you want to do with the app, you should first blame every other app developer whose app is running on your smartphone because they do pretty much the same thing. As a security professional, my job is to let you know when there are security and privacy risks so you can make informed choices. Here’s what the app requires. It needs access to:

a) Identity (access all the accounts on your phone, use accounts on the device, read or remove accounts, read your own contact card)
b) Contacts (read your contacts)
c) SMS (access to your text messages, including any photos or videos that people may text you)
d) Photos/Media/Files (all images, audio recordings, video recordings, anything in the device’s external storage, access to the USB storage to modify or delete content)
e) Camera (take pictures and videos)
f) Device ID and Call information (this includes your phone number, device IDs, whether a call is active, and also the remote phone number that is connected by a call)

Installing Microsoft Authenticator App

In this article, I will talk about installing the app on an Android. Just like any other app, you can install Microsoft Authenticator from Google Play.

1. On your Android phone, go to Google Play.
2. Search for Microsoft Authenticator.
3. Click Install.
4. Click Continue when you see the Complete account setup popup window.
5. If you see a screen that says “Add a payment option to complete your account.” just ignore it. Google wants your credit card or other payment method, but you can simply click Skip.
6. You will be taken to Microsoft Authenticator screen where you will see the list of items that the app needs access to. You cannot pick and choose what you want to allow or deny. It’s all or nothing. You can expand each item and see the details of the type of access the app requires.
   NOTE: Even though the screen says you can change these settings any time in your account settings, I looked in both the Android settings as well as Authenticator settings. I didn’t see any option to customize or change the permission settings at all. 

   

7. Click Accept, if you agree, to install the app. The app is a little over 4 MB and it takes less than 30 seconds to install it.
8. Once the installation is complete, you can click Open to start the app.
9. The first thing you need to do is add an account. You have three choices:
   a) Personal account
   b) Work or school account
   c) Other account (Google, Facebook, etc.)
   Because Microsoft is considered to be more respectful of people’s privacy and security than Apple, Facebook, and Google; Personal or Work account will be a better choice because they are both Microsoft accounts.
10. Once you have selected the account you want, enter the credentials to Sign in. This could be an account that you are already using on your phone, such as Outlook.com or Gmail account.

The advantage of using this app is that you don’t need to remember your password anymore. The behavior depends on the type of phone you are using. On an Android or iPhone, if you add a new account, the phone sign in functionality will be enabled automatically. For an existing account, on the account tile select the drop-down button and then select Enable phone Sign-in.

What about Windows Phone? Because Windows Phone is not used by too many people at this time, Microsoft wanted to make this functionality available on Androids and iOS devices. According to Microsoft, Windows Phone will be considered at a later time.

NOTE: The Microsoft Authenticator app is available for Windows Phone, Android, and iOS, but the ability to sign in without a password is not currently supported on Windows Phone.

Signing In Without a Password

Once you have added the account to the Microsoft Authenticator app on Android or iPhone, just enter your username to sign in. You will get a notification right away on your phone to Approve Sign in. Simply unlock your phone and then select Approve. That’s it. You will be logged in without a password. Pretty cool, eh? You can switch between the password and Microsoft Authenticator methods if you want. Either way, your last login method will be remembered for your convenience.

As a best practice, for security reasons do not send any logs to Microsoft. In Microsoft Authenticator, click the three horizontal bars in the upper left corner and select Settings. Turn off the Diagnostic and usage data by clicking on the blue button until it turns gray (off). You will see the white circle move to the left side of the slider.

Update: May 4, 2017

I know I have already mentioned this before, but it can get confusing so I will repeat it again. This app has been supported on Windows Phone for some time, but at the time I wrote this article on April 19, 2017, you could not use the feature to sign in without a password on your Windows Phone. Microsoft may add this feature to Windows Phone in the future. If I hear anything different, I will update this article.

Copyright © 2017 SeattlePro Enterprises, LLC. All rights reserved.