Jump to content
  • Why Microsoft Authenticator ditched multiple-choice logins


    Karlston

    • 95 views
    • 2 minutes
     Share


    • 95 views
    • 2 minutes

    Slashed guessing odds are a nice bonus, but changing the app from multiple-choice to manual typing is really about stopping accidental approvals and spam attacks.

    The next time you open Microsoft Authenticator to log in to a device, you could be met with a new interface. Microsoft is rolling out a change that requires you to enter a number manually rather than tapping one of three options.

     

    The update first appeared for enterprise and education users, but it has since started rolling out to personal Microsoft accounts. We've seen the new prompt appear on a personal device, suggesting the rollout is in progress.

     

    At first glance, you may think that the change makes Microsoft Authenticator 33 times more secure. That would be true if malicious actors were hacking into accounts by guessing the number that appeared.

     

    Before the change, there were only three options available, giving a theoretical blind hacker around a 33 percent chance of guessing. By requiring a two-digit number to be entered manually, there is only a 1 percent chance of guessing it right.

     

    But attacks centered on multi-factor authentication usually aren't guessing games. Bad actors often spam users with a bunch of prompts to authenticate in the hopes that the user will approve the prompt or guess the correct number.

     

    Accidental approvals are also an issue. With only three numbers appearing on a screen, you could tap the correct number by accident when opening the app or moving the phone around in your pocket.

     

    Requiring a number to be entered manually reduces those risks greatly.

     

    Microsoft has made several changes to its authenticator app to improve security. SMS codes are being phased out as an option for personal Microsoft accounts because they are insecure. SMS-based authentication is the leading source of fraud, explains Microsoft.

     

    The change to requiring manual number entry is more pinpointed than shifting away from SMS-based authentication, but it adds another layer of security.

     

    The update is rolling out gradually, so you may not see it yet.

     

    Source


    Hope you enjoyed this news post. Feedback welcome.

    Posted Friday 19 June 2026 at 8:22 am AEST (my time).

    News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of May) 2,092

    RIP Matrix


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...