Microsoft Authenticator: turn off passwordless sign in

UseR 1 Reputation point
2021-08-19T13:10:30.697+00:00

Hi,

I use Microsoft Outlook webmail (https://outlook.live.com/owa/) and the Microsoft Authenticator app for 2-step authentication.

If you use the Microsoft Authenticator app and want to use cloud backup, you need to add a Microsoft account. I entered my details and all is set up and working correctly.
But now if I sign in to my e-mail account a notification is sent to my Authenticator app and I am signed in without entering my password. If someone gets my phone and knows my PIN code that person can sign in to my e-mail account. This is not safe and secure, even my password is more secure. So I want to turn off passwordless sign in and want to enforce the password and a one time password code.

I have read many articles about this and some say you need to go to Azure AD, but me and other people don't have Azure AD, we use Microsoft Outlook mail. A second option is the Authenticator app itself: if you select your account you should have an option to disable phone sign in, but I and many other people with this problem don't have that option in the Authenticator app.
(for picture see https://learn.microsoft.com/en-us/answers/questions/22326/turn-off-passwordless-sign-in-microsoft-authentica.html and scroll down to the end)

So how can I enforce in Microsoft Outlook mail that I want to use my password and one time password code every time I sign in to my account?

Same as:
https://learn.microsoft.com/en-us/answers/questions/22326/turn-off-passwordless-sign-in-microsoft-authentica.html
https://learn.microsoft.com/en-us/answers/questions/216956/turn-off-passwordless-sign-in-on-microsoft-authent.html
https://social.technet.microsoft.com/Forums/en-US/2c0a3868-a087-4878-a522-1866667e1dd0/how-do-i-disable-passwordless-on-a-microsoft-personal-account-in-authenticator?forum=MicrosoftAuthenticatorApp

Kind regards

Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.

2 answers

  1. Julian Hüppauff 336 Reputation points Microsoft Employee
    2021-08-20T08:51:48.24+00:00

    First of all, passwordless is considered more secure than passwords. Your phone is a second factor and under normal circumstances no one should be able to guess your PIN (as the device will lock after wrong attempts) or use your Face ID. Your password, on the other hand, can be tried worldwide, even without your device ;-)
    https://www.microsoft.com/en-us/security/business/identity-access-management/passwordless-authentication

    But let's not get into a fight about what is more secure ;-)

    The articles you mention cover all Azure AD based logins. We are talking about the Microsoft Accounts (live IDs) here.

    Can you try this:

    Go to your Microsoft Account Page -> Security -> Advanced Security Options -> Remove Login Notifications (I translated those menu points from my language, so they might be named a bit differently)


  2. UseR 1 Reputation point
    2021-08-20T14:39:27.503+00:00

    @Julian Hüppauff

    Thanks for your reply.
    I tried that, in English it is 'Send sign-in notification' :) , which you can remove, yes, but then you get the question if you want to remove the authenticator app:


    Remove Microsoft Authenticator app?

    Are you sure you want to remove the Microsoft Authenticator app? Removing this method means that you will not be able to use it for sign-in or verification.


    That is of course not what I want. :)

    Another way, but this way doesn't allow cloud backup for the app, is when you enable two-step verification or you manually add another way to sign in by clicking "Add a new way to sign in or verify" and then select "Use an app", you then get the message:


    Set up the Microsoft Authenticator app
    Get the Microsoft Authenticator app to sign in with your phone, not your password. Or, set up a different Authenticator app.


    By clicking "set up a different Authenticator app." you can scan a QR code and follow instructions. With this you get a new Account verification called "Enter a code from an authenticator app". But again, this doesn't allow cloud backup for the app.
