To work from home on my computer, I’ve needed to use Microsoft Authenticator and a corresponding computer app. I log in with account and password on the computer, then something pops up on screen on the cell phone for me to confirm that I stole AHunter3’s phone along with his laptop and we’re good.
At some point in semi-recent history, it all clamored for me to okay it to upgrade itself, warning me that insecure out-of-date protocols I was using would soon not be sufficient to permit me to connect to the VPN, so I did.
And whereas before I was asked to input a six-digit authentication code from one device to the other, in the newer edition it is a two-digit code.
I briefly tried Googling to find what the thinking behind that change was, but got immersed in pages of people making the usual complaints about the annoyance of two-factor authentication (can’t disagree but wasn’t what I was seeking).
What’s up with this? Why would they move from six digits to two as a supposed step in the more-secure direction?
I do seem to recall that the old system was supposed to let me just click an OK button but it never worked and always required the six-digit code. And sometimes the two-digit code doesn’t “take” and I’m asked to enter a six-digit code when I click “that didn’t work” although it’s amazingly inconsistent and unpredictable. (Sometimes it resends a second popup of two digits to the phone, sometimes it says “sucks to be you” or equivalent and I have to back out and start over, etc. etc.)