Help me out Authenticators

Feb 4, 2009
31,916
12,287
136
Being brief, last week I was spammed with ATT password reset requests. Spammed means about 36 times over a few hours. I have not used ATT in about a decade. I also received a message from a T-Mobile reseller about “needing to varifying my info” to complete my order (this looked suspiciously like phishing so it may not be involved). Now I have had two Microsoft security code requests sent to me without requesting them. These are 100% legit Microsoft emails. Seems my email accounts are secure.
Guessing that some of my info must be floating around somewhere. Should I load an authenticator app like the Microsoft one or a different authenticator app?
Do those apps add a decent amount of security?
I suspect phone/email and old ATT account numbers have been leaked somehow.

Looking for suggestions on how to lock my email account down because it sure feels like someone is trying to break in.

Side facts:
I made more secure passwords for everything over the summer because Chrome told me one I historically used with variations had been compromised.
My fear is having my email account stolen then the gates open for me to purchase god knows how many iPhones.

@ch33zw1z you are good with security stuff
 

UsandThem

Elite Member
Super Moderator
May 4, 2000
15,688
6,664
146
I used Google Authenticator for several of my accounts (not Microsoft related services though).

Outside of that, I make sure no passwords are shared among different accounts, and if my account has the option for 2FA, I enable it. I do this with accounts like PayPal, T-Mobile, Chase, Discover, etc.

It's very likely with all the different data breaches, your email address along with the password associated with it at the time is out there being bought or sold by someone. When you see news about that (and you will) just make sure to have Google scan the web a few times a year to see if you need to change a password for a particular account.

Nobody is going to be able to buy anything with just your email address (I also have it where my cell phone number can't be ported out to another carrier, and that's one of the bigger targets, as they can use that to bypass or receive 2FA authorizations).
 

ch33zw1z

Lifer
Nov 4, 2004
35,066
14,158
146
Yes, add an authenticator and a password manager into the mix.

I use Authy because it has some features that Google Authenticator didn't.

For passwords, I use SafeInCloud. My passwords are all randomly generated. The only passwords I commit to memory are the one to unlock SIC and the one I gen'd for the cloud account I store the SIC db on.

I agree with you and UsandThem. Your account info was leaked and someone or some script is trying like hell. The 2FA via SMS or email is likely stopping the accounts from being compromised, but it's worth locking it down further.

Edit: keep in mind though, not all vendors support the authenticator. AT&T is a good example. They have SMS 2FA and an 8-digit PIN for account changes. Last I checked was a few months ago, but I think that was it (maybe email, don't think so).

Or Apple for instance. They support SMS and 2FA through an iPhone. No authenticator afaik.
 
Feb 4, 2009
31,916
12,287
136
Oh god

And thanks guys, I’m not too worried; however, I want to lock this down.
Former telecom guy here. My account has a pass code I have never used for anything online or phone related like voicemail. I should be acceptably protected from a number port.
I’ll check out some authenticators tonight. I typically like Microsoft for stuff like that since they have skin in the game to prevent failure.
 

Chiefcrowe

Diamond Member
Sep 15, 2008
4,985
145
116
Yes, it is unfortunate that not all sites/vendors support using authenticators. Still, I like Authy too because it supported backing up your tokens before Google did and it also allows you to sync your accounts on multiple devices (such as a phone and iPad for example). I am not sure that Google or Microsoft authenticators have that option....
 
Feb 4, 2009
31,916
12,287
136
Per my very brief research the other night, the Microsoft authenticator took me to the Apple App Store. I assume that means it is good for my iPad too. Hopefully I don’t need to enter it every single time with my Outlook app. I hate how Apple threads the messages and I hate how Apple's calendar app works.
 

ch33zw1z

I haven't used MS Authenticator. You could always try it out, and try out another like Authy or Google for a different account and see which you prefer.

I like Authy because of the features it has, but it's not the only one that works. Like multiple devices, encrypted backups.

Pick the one you like, and then start adding accounts one at a time. Let us know how MS's works!

When I log in to AT&T, I have to input my 8-digit code AND 2FA SMS. I leave that on in the settings. And also if I call in, then the rep has to have the code to make changes. The code is stored in my SafeInCloud ATT profile, just gotta look at it ;P It can be any damn thing, I won't remember it 100% 'cause I don't need to; as long as I can open SafeInCloud I'm good.

I don't even use the "trust this browser" stuff most of the time, especially for money stuff (like PayPal). I do this to force a 2FA code to be used, for my own peace of mind and to verify it's working.
 
Feb 4, 2009
31,916
12,287
136
Not too worried about ATT, I canceled that shortly after I was laid off. Been about 8 or 9 years since it was active. I know they restrict the SSN/DOB info well and whatever card was associated with it is certainly inactive. Plus it was my old address.
The authenticators, do they “remember” your PC's Outlook and phone mail clients? I want to be secure; however, I am neurotic about checking email, and it would be a major pain in the ass to authenticate every time I check my email, particularly on my iPhone. I can ditch the iPhone Outlook app if needed, I just prefer how it looks vs the built-in Apple mail & calendar application.
I don’t want to be authenticating 36 times per day.
 

ch33zw1z

If that's a setting, it would be in Outlook somewhere. The authenticators aren't hooked into the accounts in a way that they can modify anything. It's all from the account side.

That being said, I'm using one at work (developed by my employer) that can accept "push" notifications from my account. So about once a day, usually in the morning (like first time logging in for the day), my internal login can push an authentication to the phone / app associated with my account.

This is the only account I see this from, or get this from, that I can think of off the top of my head. None of my personal accounts will do this. It's just a prompt for a code. None of my MS accounts require it constantly, just occasionally when I log in directly. None of my mail apps care either, but I actually haven't used Outlook mobile.
 

Chiefcrowe

Yes, and Authy also supports iPad/iPod touch so you can use the app on multiple devices.

This page shows more detail on how it all works, including multiple device support and backup of authenticator tokens in the event you don't have access to your device and need to set it up again on a new one:


Assuming that your Outlook mobile app/email system is relatively new, it should support modern authentication and you won't have to authenticate every time.

In my experience, I only have to re-authenticate with the Authy app if I have not saved the browser after first login, am using a different browser to log into the site in question (such as Gmail), or if I am on a different computer.



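What the replies above describe (the app only derives codes, the account side decides when to ask, and a backed-up token works on a second device), shown as an added example that is not part of the thread: a standard RFC 6238 TOTP sketch in Python. The `Account` class, its trusted-device set and the demo secret are hypothetical and constructed for illustration; real services remember devices in their own ways.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per code (RFC 6238 default)
# Constructed demo secret (the RFC 6238 test key); real ones come from the enrollment QR code.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32, now, digits=6):
    """Code the app derives offline from the shared secret and the clock."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical account side: it alone decides when to prompt and what to accept."""
    def __init__(self, secret_b32):
        self.secret = secret_b32
        self.last_step = -1    # newest time step already used (blocks replay)
        self.trusted = set()   # devices/browsers the account has "remembered"

    def verify(self, code, now, window=1):
        current = int(now) // STEP
        for step in range(current - window, current + window + 1):
            if step <= self.last_step:
                continue       # never accept a code from a step already consumed
            if hmac.compare_digest(totp(self.secret, step * STEP), code):
                self.last_step = step
                return True
        return False

    def login(self, device_id, now, code=None, remember=False):
        if device_id in self.trusted:
            return "ok, no prompt"
        if code is None or not self.verify(code, now):
            return "code required"
        if remember:
            self.trusted.add(device_id)
        return "ok"

if __name__ == "__main__":
    phone, tablet = totp(SECRET, 59), totp(SECRET, 59)  # same token restored on two devices
    acct = Account(SECRET)
    print(phone == tablet, acct.login("laptop", 59, phone, remember=True),
          acct.login("laptop", 9999))
```

Because every device holding the same secret produces the same code, a synced or backed-up token is only as safe as the backup that carries the secret.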
 
Feb 4, 2009
31,916
12,287
136
So updates:
I still periodically get bombed with MS password resets. Bombed means around a dozen times over an hour or two. For a bit I was thinking it was some moron or the girl in Ireland that has the same initials and similar email address whom I have gotten emails for.
Then…..
Amazon & Facebook started to get password reset requests.
I have the MS Authenticator running and it is pretty slick. Works well with my iPhone.
Regarding having to authenticate email frequently, it doesn’t happen like that. I have done it once and I am set. I saw something about a “secure cookie” or whatever is kept in the app to help with logins.
 
