I have the exact same problem that @Devin Goble reported here...
If I try to sign in to my (personal) Microsoft account in my Windows browser, and I click on "I don’t have access to my Microsoft Authenticator app", it prompts me to verify my identity by sending me a code to my email address as well as via SMS to my phone number.
However, after I successfully enter these two codes, it then prompts me to add a password to my (passwordless) account! This makes no sense at all, as a passwordless account isn't supposed to use or need a password.
Furthermore, Microsoft's FAQ here says "If you lose access to your Microsoft Authenticator app, you can still access your Microsoft Account using an alternate recovery method like text message or a backup email address."
It doesn't say that I have to add a password back to my passwordless account in order to do that.
On the Security page of my account, I have configured several methods for verifying my identity - see my screenshot below. And as you can see, I definitely do have the "Passwordless account" setting enabled there. And you can also see that there is no password configured in the list (if my account did still have a password assigned to it, you'd see it there).
So my questions are:
- Why does it force me to add a new password after I use the Email and SMS verification methods?
- Why doesn't it simply sign me in to my account after I've verified myself using Email and SMS? According to the above FAQ support article, this is how it's supposed to work.
- Why does it only offer Email and SMS as verification methods, even though I've configured "Enter a code from an authenticator app" using a third-party authentication app? It should let me choose this as a verification method, but it doesn't.
I think it should be possible for someone else to reproduce this, and as far as I can tell this is a bug - the method for signing into an account when you don't have the Authenticator app available is clearly broken.