A design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out

“I believe there is a workaround, and this is to use the Private Key from the Identity Provider and type this yourself in the Authentication app during setup,” the user wrote. “Unfortunately, this is not very useful in a business environment, especially when the average user rarely knows anything about the inner workings of authentication, and seeing a random string of characters is scary.”
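The workaround the user describes (typing the shared secret by hand instead of scanning the QR code) works because the QR code is only a carrier for an `otpauth://totp/...` URI, and the secret inside it is what the app actually derives codes from. The following added example, which is not code from the article or from Microsoft, parses such URIs, computes the TOTP code per RFC 6238 so manual entry can be verified, and contrasts a naive account store that keys entries by account name alone (an assumption made for illustration; the article does not state which fields Authenticator uses to identify an entry) with a store that refuses to replace an existing entry whose secret differs. The URIs and secrets are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse


def parse_otpauth(uri):
    """Parse an otpauth://totp/ URI, the payload of a typical MFA enrollment QR code."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    label = unquote(u.path.lstrip("/"))
    # Label is "Issuer:account"; the issuer query parameter takes precedence if present.
    label_issuer, _, account = label.rpartition(":")
    q = parse_qs(u.query)
    issuer = q.get("issuer", [label_issuer])[0]
    return {
        "issuer": issuer,
        "account": account.strip(),
        "secret": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }


def totp(secret_b32, for_time, digits=6, period=30):
    """RFC 6238 TOTP with HMAC-SHA1, the default used by most authenticator apps."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(for_time) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class NaiveStore:
    """Assumed behaviour for illustration: entries keyed by account name only,
    so a second enrollment for the same e-mail silently overwrites the first."""

    def __init__(self):
        self.entries = {}

    def add(self, entry):
        self.entries[entry["account"]] = entry


class SafeStore:
    """Keys by (issuer, account) and refuses to overwrite a different secret."""

    def __init__(self):
        self.entries = {}

    def add(self, entry):
        key = (entry["issuer"], entry["account"])
        existing = self.entries.get(key)
        if existing is not None and existing["secret"] != entry["secret"]:
            raise ValueError(f"refusing to overwrite existing MFA entry for {key}")
        self.entries[key] = entry


# Constructed sample enrollments: two different services for the same user.
URI_WORK = ("otpauth://totp/Contoso:alice%40example.com"
            "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Contoso")
URI_VENDOR = ("otpauth://totp/TrainingVendor:alice%40example.com"
              "?secret=JBSWY3DPEHPK3PXP&issuer=TrainingVendor")


def demo_overwrite():
    """Return the secret left in the naive store after scanning both QR codes."""
    store = NaiveStore()
    store.add(parse_otpauth(URI_WORK))
    store.add(parse_otpauth(URI_VENDOR))  # overwrites the Contoso entry
    return store.entries["alice@example.com"]["secret"]


def demo_guarded():
    """Return True if the safe store keeps both entries without conflict."""
    store = SafeStore()
    store.add(parse_otpauth(URI_WORK))
    store.add(parse_otpauth(URI_VENDOR))
    return len(store.entries) == 2


if __name__ == "__main__":
    print("naive store keeps only:", demo_overwrite())
    print("safe store keeps both:", demo_guarded())
    print("code for manually entered secret at t=59:",
          totp("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", 59))
```

The `totp` function lets a defender confirm that a hand-typed secret produces the same code as the scanned one (the RFC 6238 test vector secret at t=59 yields 287082), which is the check a help desk would want before telling users to avoid the QR code.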

‘A big problem with usability and cybersecurity’

This issue received attention recently when Australian IT consultant Brett Randall posted about it on LinkedIn.

In his post, Randall described participating in a recent sales training session: “As we entered their program, we were presented with a QR code to scan for MFA. A number of attendees opened Microsoft Authenticator, scanned the QR code, and proceeded to overwrite another app’s TOTP (One-Time Password) key,” Randall wrote.