85 points
*

Fun fact: when my country transitioned to a new public authentication app, the default way was to use your passport to register. My passport was expired, though, so I had to show up in person with my birth certificate and social security card equivalent.

To get my birth certificate, I had to show up at the local office with, you guessed it, my passport.

Lucky for me that they accepted it in spite of being expired (none of the pertinent information such as my face, name and birth date had expired, after all), or I would probably be trapped in the loop to this day, years later.

permalink
report
reply
29 points

Ohh, that reminds me of when I moved to Sweden. Their digital ID, bankID, is as the name suggests issued by your bank, not the government, even though it is used for all official authentication. And that includes… you guessed it, creating a bank account. So that was a real chicken and egg situation where it seemed impossible to be properly integrated into the Swedish system.

permalink
report
parent
reply
18 points

I think you have the situation everywhere. At one time in France they ask you for your bank account details to see that you have funds so that they give an ID. But the bank will refuse to open you an account without an ID. So it will depend on the agent handling your request.

permalink
report
parent
reply
7 points

Why do y’all in Europe have your bank manage your legal ID? Seems a bit backwards

permalink
report
parent
reply
2 points

We don’t. We show banks picture ID to prove that we are who we say we are. That picture ID is usually our passport or driver’s license, neither of which is managed by the bank.

permalink
report
parent
reply
1 point

I guess it was a system already in place. There’s been suggestions to have different system where I live but mostly the current system seems fine to most so it hasn’t been changed. Some form of EU wide digital ID app or something might be nice. Or it could be an annoying pain, you never know how those turn out.

permalink
report
parent
reply
7 points
*

Reminds me of the first days of BankID here in Norway. To get my new BankID to work with my current bank, I had to log in with, you guessed it, a BankID allready configured to my bank. Took a few weeks talking to the bank, showing up in person and queueing with others with the same problem before the bank realized they’ve made a mistake somewhere

Same happened when the code thingy the bank sent me ran out of batteries. I went to the bank and asked for a new one. Not possible, they said. I had to contact the main branch, and they would send me new one. It would only take one week or so. I had to pay a bill that day, and asked if I could open it to replace the batteries since there was visible screw with ordinary heads. They said that was illegal and hacking, and that I must replace it. On my way home I opened it, and bought the exact same batteries from a shop, and replaced them. Worked perfectly!

permalink
report
parent
reply
6 points

Hi neighbor! waves across Øresund

Yeah, I’m a big fan of Scandinavian style government (unlike the current governments of both of our countries, it would seem) in general, but sometimes the bureaucracy can get a little bit ridiculous 😂

permalink
report
parent
reply
2 points

Bare rolig, jeg er tilbage på den rigtige side af Sundet nu 😉

permalink
report
parent
reply
1 point

It seems like most countries have some variation of this issue. When I had to apply for government assistance here in Australia, there was a whole debacle because as I discovered, I don’t actually have a middle name but rather 2 first names because my birth information was filled in incorrectly. So that caused issues because all 3 of the IDs they demanded listed different information. My student ID didn’t list my second name at all, my learner driver permit initialised it, and my birth certificate listed it in full.

Then my government service account messed things up too, because certain services have my 2nd name listed as either a middle name, or just a second first name so they decided that because I have different government services linked in “different names” I must be committing fraud

permalink
report
parent
reply
5 points

This is why I currently have no proper ID.

I have my birth certificate and my public healthcare card, and a not expired but no longer fully accepted proof of age card that previously counted as full ID but no longer does, but without it I dont have enough ID to get the new form of ID the government introduced in place of the old one I have.

It’s enough to prove who I am at a liquor store or chemist, day to day, but I can’t get a passport until I sort it out.

permalink
report
parent
reply
1 point

When did they remove proof of age cards? (Vic or SA?)

permalink
report
parent
reply
3 points

Actual Proof of Age Cards are still around, and that’s what I need to get (but I don’t have anything with my current address on it, other than the lease agreement, so it’s going to take a few steps over red tape to get proper ID, and I am not mentally healthy enough to push that process along right now)

I had a keypass, which they stopped in 2022. I only found out about proof of age cards last year, when I tried to get into an RSL and the bouncer asked if I had anything else because they’re phasing out keypass.

I know it’s stupid and ignorance isn’t an excuse, but as a teenager I was told to get a keypass because “that’s the ID you get when you don’t have a licence” so I got a keypass, and for the next 15 years I didn’t run into a single issue with not having the right ID. No one I worked with ever questioned why that’s the only ID I had, so I never really stopped to research the specifics. I didn’t know that keypass and “proof of age card” were different, I thought keypass was a proof of age card, just different names for it.

permalink
report
parent
reply
48 points

Aegis Authenticator is the best 🏆

permalink
report
reply
14 points

Unfortunately, Microsoft will often force their own 2FA app when logging in to 365.

permalink
report
parent
reply
18 points

Not true, I’ve always used Authy.

permalink
report
parent
reply
2 points

It became true in the past 6 months for me after always using Aegis.

permalink
report
parent
reply
8 points

No they don’t. That’s a configuration setting.

permalink
report
parent
reply
8 points

If your admins change the default away from Authenticator only they see bright red “MS 365 insecure” banners.

So… Its a dark pattern that technically allows other options.

permalink
report
parent
reply
10 points

Best one out there

permalink
report
parent
reply
2 points

Thank you, how about for iOS users?

permalink
report
parent
reply
2 points

Buy a different phone… Apple is terrible in so many ways

permalink
report
parent
reply
2 points

Just switch to Android/AOSP lol I’ve heard good things about Raivo Authenticator for Apple devices, although I’ve never used it myself.

permalink
report
parent
reply
36 points

PSA, don’t use Microsoft authenticator. It’s easy to accidentally wipe your cloud backup and lose all your authenticator codes when switching devices

permalink
report
reply
11 points

Cooperate forces me.

permalink
report
parent
reply
5 points

I think you can use standard TOTP regardless if you add TOTP as an option in the authentication methods on your account page. At least I did and the system has yet to complain.

permalink
report
parent
reply
4 points

Nope, IT can disable third-party TOTP services, and force all employees to use the official MS Authenticator app.

permalink
report
parent
reply
9 points
*

Is there actually any way to export the secrets from MS authenticator? I’ve been wanting to move them to something like bitwarden but it’s gonna take ages if I have to reset all ~50

permalink
report
parent
reply
3 points

They provide “Cloud Backups”.

Take the time, move them 5 a day. Better than loosing them forever

permalink
report
parent
reply
1 point

Yeah I suppose that’s the best solution, I’m just a little impatient lol

permalink
report
parent
reply
4 points

Can you provide more info how it’s easy to accidentally wipe? I’ve only done a transfer once, but it was by installing authenticator on the new phone and logging in, then deleting the other one on the old phone after testing that the codes work.

permalink
report
parent
reply
8 points

You have to begin the recovery on the new device before logging in. If you log in normally and enable cloud backup on the new device, it will simply overwrite the existing backup with a new empty one

permalink
report
parent
reply
4 points

That design is awful

permalink
report
parent
reply
3 points

Don’t worry, I’m going to keep using Bitwarden for my personal accounts.

permalink
report
parent
reply
3 points

Yes, and while you can move it phone to phone on iOS, you cannot on Android. So stupid.

If you are forced to use it by your company just use it for that email, nothing else. Use something like authy instead.

permalink
report
parent
reply
3 points

If your company forced you to use mobile authentication, they should also be providing you with a device on the company plan at no cost to the employee.

In which case you should absolutely use MS Auth and give them all your delicious work data because nothing personal should be on the device anyway.

permalink
report
parent
reply
2 points

Authy requires a phone number last I checked & is a part of a for-profit entity. TOTP management is a simple task so there is no reason not to be using something open source.

permalink
report
parent
reply
1 point

Learnt that the hard way

permalink
report
parent
reply
1 point

Somehow I don’t think there’s much risk of anyone doing it willingly…

permalink
report
parent
reply
24 points

This is specifically an issue with corporate M365 accounts when a user tries to migrate to a new phone without access to the old phone where the authenticator was setup.

Personal MS accounts can backup their auth secret keys to cloud storage, and when signing in on a new device, it authenticates you with your cloud storage (Google/Apple) and properly restores your MS Authenticator app.

The issue is that while MS says you can backup your corporate M365 accounts in MS Authenticator, it doesnt actually store the secret key, so it’s useless.

Have your administrator enable TAP (Temporary Access Passwords) on the tenant. Then an M365 admin can create a TAP for your account that lets you login without a password/2FA. You can use the TAP to login and rejoin MS Authenticator app. The TAP expires in 1 hour by default.

permalink
report
reply
3 points

I’m in this particular loop at work where I don’t want and don’t really need an account, so I’m going to pretend I didn’t see this and if you could ensure that IT doesn’t see this, that’d be great, thanks.

permalink
report
parent
reply
1 point

MS auth also supports SMS via phone number. That’s a whole new level of insecure, but lets you migrate to a new phone rather easily.

I’m 90% sure, all that 2FA crap is a sham anyway.

permalink
report
parent
reply
19 points

Brought to you by the same company that takes you to the logout page when you go to the login URL

permalink
report
reply

Memes

!memes@lemmy.ml

Create post

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

Community stats

  • 8K

    Monthly active users

  • 13K

    Posts

  • 288K

    Comments