Help me out Authenticators

Toggle sidebar Toggle sidebar
Fanatical Meat

Fanatical Meat

Lifer
Feb 4, 2009
34,564
15,777
136
Being brief, last week I was spammed with ATT password reset request. Spammed means about 36 times over a few hours. I have not used ATT in about a decade, I also received a message from a t-mobile reseller about “needing to varifying my info” to complete my order (this looked suspiciously like phishing so it may not be involved), now I have had two Microsoft security code requests sent to me without requesting them. These are 100% legit Microsoft emails. Seems my email accounts are secure.
Guessing that some of my info must be floating around somewhere. Should I load an authenticator app like the Microsoft one or a different authenticator app?
Do those apps add a decent amount of security?
I suspect phone/email and old att account numbers have been leaked somehow.

looking for suggestions on how to lock my email account down because it sure feels like someone is trying to break in.

side facts:
I made more secure passwords for everything over the Summer because chrome told me one I historically used With variations had been compromised.
My fear is having my email account stolen then the gates open for me to purchase god knows how many iPhones.

@ch33zw1z you are good with security stuff
 
UsandThem

UsandThem

Elite Member
May 4, 2000
16,068
7,380
146
I used Google Authenticator for several of my accounts (not Microsoft related services though).

Outside of that, I make sure no passwords are shared among different accounts, and if my account has the option for 2FA, I enable it. I do this with accounts like Paypal, T Mobile, Chase, Discover, etc.

It's very likely with all the different data breaches, your email address along with the password associated with it at the time is out there being bought or sold by someone. When you see news about that (and you will) just make sure to have Google scan the web for a few times a year to see if you need to change a password for a particular account.

Nobody is going to be able buy anything with just your email address (I also have it where my cell phone number can't be ported out to another carrier, and that's one of the bigger targets, as they can use that to bypass or receive 2FA authorizations).
 
  • Like
Reactions: ch33zw1z
ch33zw1z

ch33zw1z

Lifer
Nov 4, 2004
37,764
18,045
146
Fanatical Meat said:
Being brief, last week I was spammed with ATT password reset request. Spammed means about 36 times over a few hours. I have not used ATT in about a decade, I also received a message from a t-mobile reseller about “needing to varifying my info” to complete my order (this looked suspiciously like phishing so it may not be involved), now I have had two Microsoft security code requests sent to me without requesting them. These are 100% legit Microsoft emails. Seems my email accounts are secure.
Guessing that some of my info must be floating around somewhere. Should I load an authenticator app like the Microsoft one or a different authenticator app?
Do those apps add a decent amount of security?
I suspect phone/email and old att account numbers have been leaked somehow.

looking for suggestions on how to lock my email account down because it sure feels like someone is trying to break in.

side facts:
I made more secure passwords for everything over the Summer because chrome told me one I historically used With variations had been compromised.
My fear is having my email account stolen then the gates open for me to purchase god knows how many iPhones.

@ch33zw1z you are good with security stuff
Click to expand...

Yes, add an authenticator and a password manager into the mix.

I use Authy because it has some features that google authenticator didn't.

For passwords, I use SafeInCloud. My passwords are all randomly generated. The only passwords I commit to memory is the one to unlock SIC and the one I gen'd for the cloud account i store the SIC db on.

I agree with you and UsandThem. Your account info was leaked and someone or some script is trying like hell. The 2FA via SMS or email is likely stopping accounts compromised, but it's worth locking it down further.

edit: keep in mind though, not all vendors support the authenticator. AT&T is a good example. They have SMS 2FA and an 8 digit pin for account changes. Last I checked was a few months ago, but I think that was it (maybe email, don't think so).

Or Apple for instance. They support SMS and 2FA thru an iphone. No authenticator afaik.
 
Last edited:
Fanatical Meat

Fanatical Meat

Lifer
Feb 4, 2009
34,564
15,777
136
Oh god

and thanks guys, I’m not too worried however I want to lock this down.
Former telecom guy here. My account has a pass code I have never used for anything online or phone related like voicemail. I should be acceptably protected from a number port.
I’ll check out some authenticators tonight. I typically like Microsoft for stuff like that since they have skin in the game to prevent failure.
 
Chiefcrowe

Chiefcrowe

Diamond Member
Sep 15, 2008
5,046
177
116
Yes it is unfortunate that not all sites/vendors support using authenticators. Still, I like Authy too because it supported backing up your tokens before google did and it also allows you to sync your accounts on multiple devices (such as a phone and ipad for example). I am not sure that google or microsoft authenticators have that option....
 
  • Like
Reactions: ch33zw1z
Fanatical Meat

Fanatical Meat

Lifer
Feb 4, 2009
34,564
15,777
136
Chiefcrowe said:
Yes it is unfortunate that not all sites/vendors support using authenticators. Still, I like Authy too because it supported backing up your tokens before google did and it also allows you to sync your accounts on multiple devices (such as a phone and ipad for example). I am not sure that google or microsoft authenticators have that option....
Click to expand...

Per my very brief research the other night the Microsoft authenticator took me to the apple App Store. I assume that means it is good for my iPad too. Hopefully I don’t need to enter it every single time with my outlook app. I hate how apple threads the messages and I hate how apples calendar app works.
 
ch33zw1z

ch33zw1z

Lifer
Nov 4, 2004
37,764
18,045
146
Fanatical Meat said:
Per my very brief research the other night the Microsoft authenticator took me to the apple App Store. I assume that means it is good for my iPad too. Hopefully I don’t need to enter it every single time with my outlook app. I hate how apple threads the messages and I hate how apples calendar app works.
Click to expand...

I haven't used MS Authenticator. You could always try it out, and try out another like Authy or Google for a different account and see which you prefer.

I like Authy because of the features it has, but it's not the only one that works. Like multiple devices, encrypted backups.

Pick the one you like, and then start adding accounts one at a time. Let us know how MS's works!

Fanatical Meat said:
Oh god

and thanks guys, I’m not too worried however I want to lock this down.
Former telecom guy here. My account has a pass code I have never used for anything online or phone related like voicemail. I should be acceptably protected from a number port.
I’ll check out some authenticators tonight. I typically like Microsoft for stuff like that since they have skin in the game to prevent failure.
Click to expand...

When I login to AT&T, I have to input my 8 digit code AND 2FA SMS. I leave that on in the settings. And also if I call in, then the rep has to have the code to make changes. The code is stored in my SafeInCloud ATT profile, just gotta look at it ;P It can be any damn thing, I won't remember it 100% cause I don't need to, as long as I can open SafeInCloud I'm good.

I don't even use the "trust this browser" stuff most of most of the time, especially for money stuff (like paypal). I do this to force a 2FA code to be used, for my own peace of mind and to verify it's working.
 
Fanatical Meat

Fanatical Meat

Lifer
Feb 4, 2009
34,564
15,777
136
ch33zw1z said:
I haven't used MS Authenticator. You could always try it out, and try out another like Authy or Google for a different account and see which you prefer.

I like Authy because of the features it has, but it's not the only one that works. Like multiple devices, encrypted backups.

Pick the one you like, and then start adding accounts one at a time. Let us know how MS's works!



When I login to AT&T, I have to input my 8 digit code AND 2FA SMS. I leave that on in the settings. And also if I call in, then the rep has to have the code to make changes. The code is stored in my SafeInCloud ATT profile, just gotta look at it ;P It can be any damn thing, I won't remember it 100% cause I don't need to, as long as I can open SafeInCloud I'm good.

I don't even use the "trust this browser" stuff most of most of the time, especially for money stuff (like paypal). I do this to force a 2FA code to be used, for my own peace of mind and to verify it's working.
Click to expand...

not too worried about att, I canceled that shortly after I was laid off. Been about 8 or 9 years since it was active. I know they restrict the SSN/DOB info well and whatever card was associated with it is certainly inactive. Plus it was my old address.
The authenticators do they “remember” your PCs outlook and phone mail clients. I want to be secure however I am neurotic about checking email it would be a major pain in the ass to authenticate every time I check my email particularly on my iPhone. I can ditch the iPhone outlook app if needed, I just prefer how it looks vs the built in apple mail & calendar application.
I don’t want to be authenticating 36 times per day.
 
ch33zw1z

ch33zw1z

Lifer
Nov 4, 2004
37,764
18,045
146
Fanatical Meat said:
not too worried about att, I canceled that shortly after I was laid off. Been about 8 or 9 years since it was active. I know they restrict the SSN/DOB info well and whatever card was associated with it is certainly inactive. Plus it was my old address.
The authenticators do they “remember” your PCs outlook and phone mail clients. I want to be secure however I am neurotic about checking email it would be a major pain in the ass to authenticate every time I check my email particularly on my iPhone. I can ditch the iPhone outlook app if needed, I just prefer how it looks vs the built in apple mail & calendar application.
I don’t want to be authenticating 36 times per day.
Click to expand...

If that's a setting, it would be in Outlook somewhere. The authenticators aren't hooked into the accounts in a way that they can modify anything. It's all from the account side.

That being said, I'm using one at work (developed by my employer) that can accept "push" notifications from my account. So about once a day, usually in the morning (like first time logging in for the day), my internal login can push an authentication to the phone / app associated with my account.

This is the only account I see this from, or get this from, that I can think of off the top of my head. None of my personal accounts will do this. It's just a prompt for a code. None of my MS accounts require it constantly, just occasionally when I login directly. None of my mail apps care either, but I actually haven't used Outlook mobile.
 
Last edited:
Chiefcrowe

Chiefcrowe

Diamond Member
Sep 15, 2008
5,046
177
116
Yes and Authy also supports ipad/ipod touch so you can use the app on multiple devices.

This page shows more detail on how it all works, including multiple device support and backup of authenticator tokens in the event you don't have access to your device and need to set it up again on a new one:

authy.com

Features - Authy

Learn about how to use our free app to enable two-factor authentication (2FA) and add an additional layer of protection beyond passwords.
authy.com authy.com

Assuming that your Outlook mobile app/email system is relatively new it should support modern authentication and you won't have to authenticate every time.

In my experience, I only have to re-authenticate with the Authy app if I have not saved the browser after first log in, using a different browser to log into the site in question (such as gmail), or if I am on a different computer.



Fanatical Meat said:
Per my very brief research the other night the Microsoft authenticator took me to the apple App Store. I assume that means it is good for my iPad too. Hopefully I don’t need to enter it every single time with my outlook app. I hate how apple threads the messages and I hate how apples calendar app works.
Click to expand...
 
Fanatical Meat

Fanatical Meat

Lifer
Feb 4, 2009
34,564
15,777
136
So updates:
I still periodically get bombed with MS password resets. Bombed means around a dozen time over an hour or two. For a bit I was thinking it was some moron or the girl in Ireland that has the same initials and similar email address whom I have gotten emails for.
Then…..
Amazon & Facebook started to get password reset requests.
I have the MS Authenticator running and it is pretty slick. Works well with my iPhone.
Regarding having to authenticate email frequently it doesn’t happen like that. I have done it once and I am set, I saw something about a “secure cookie” or whatever is kept in the app to help with logins.
 
Fanatical Meat

Fanatical Meat

Lifer
Feb 4, 2009
34,564
15,777
136
Still getting hammer so far no breeches, my second email account is getting hit daily sometimes multiple times per day.
Thanks for all the assistance guys.
I am using the Microsoft authenticator and it works good, nags a little bit but a good amount of nagging.
59CE7D1E-6581-436A-8621-9FF4DBDDB4EF.jpeg
8AEE2437-0BFA-425A-8286-AA74C27B0839.jpeg
 
  • Like
Reactions: ch33zw1z
sdifox

sdifox

No Lifer
Sep 30, 2005
94,997
15,121
126
Relax, it's just Jesus trying to reach his flock and needs to borrow your account.
 
ch33zw1z

ch33zw1z

Lifer
Nov 4, 2004
37,764
18,045
146
We just switched mobile phone providers and have already been getting 2FA requests when we aren’t requesting them. So I guess that’s how it goes.

I can say I’m a tad frustrated with how some big names have pretty poor 2FA support. Like, phone or email only? No Authenticator support? Lame
 
D

dlerious

Golden Member
Mar 4, 2004
1,785
724
136
I use a Yubikey. They do support some Apple products (iPhone/iPad).
www.yubico.com

YubiKey as a smart card on iOS

Explore how YubiKey brings the power of certificate-based smart cards to iOS devices. Understand how YubiKey, with its PIV-compatibility and multi-protocol support, enhances mobile security.
www.yubico.com
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom