RE: https://infosec.exchange/@merill/116203323789181775

If I wear my EUC security hat, I understand why something like this is being implemented. If I wear my OSS, or security testing hat, I can see this is going to be unpopular for certain groups of people.

@vickyjo

I would expect the security folks to be using passkeys. Why install an authenticator app when you can use the native OS feature...

@merill Don't get me started on passkeys ... I meant for security and mobile app testers, they will often jailbreak devices and sideload apps. Also for BYOD there seem to be some challenges ... https://techcommunity.microsoft.com/discussions/identityauth/microsoft-authenticator-passkeys-for-entra-id-on-unmanaged-devices/4365430/replies/4478355

@vickyjo That article is about passkeys that you can store inside Authenticator.

Our new recommendation is to store the passkey natively in your platform OS.

No third party apps required.

@merill Yeah ... there are still issues with that, that are far too long to get into on social media. ;-)