Microsoft will be introducing a new security feature called ‘number matching’ to the Microsoft Authenticator app.
If you use this app for your multi-factor authentication (MFA) you will notice this change from 22 February 2023. Other authentication methods (such as the Authy app) remain unchanged.
New Microsoft Authenticator process
Following the introduction of number matching, anyone who uses the Microsoft Authenticator app will be shown an additional number on their Single Sign-On (SSO) login screen.
A number will be shown on your computer screen when logging into your Single Sign-On (SSO)
Enter the number from your SSO login into the app and click on 'yes'
The number shown on your SSO login (illustrated above) should then be entered into the notification on your app and confirmed by pressing ‘Yes’. This will confirm that it is you making the request and will complete the MFA approval process in Authenticator.
Can't enter numbers in your app?
If you do not have the option to input the numbers into your Microsoft Authenticator app when requested, it may be that you need to upgrade your Authenticator app to the latest version. This will not affect your second method of authentication, if you have this set up, which you will be able to use as usual.
If you do not yet have a second MFA method set up, this is a great time to do so. We recommend that you explore the other available authentication methods and choose one that suits you best. If you lose or change the device you use for MFA, you will need a second authentication method in order to set up a new device.
Using Microsoft Authenticator on smart watches
If you use Microsoft Authenticator on a smart watch for approvals, this will no longer be possible when number matching is introduced. We recommend removing the Microsoft Authenticator app from smart watches.
Do I have to continue using the Authenticator app?
The number matching feature is being added by Microsoft and we do not have control over this. You may choose to use a different authentication method as mentioned earlier in this article.
If you have specific accessibility requirements and wish to discuss these with an expert, please contact the central IT Service Desk.
Why is this update happening?
Microsoft is changing how you use the Authenticator app to make it harder for hackers to access your account. In this case, the additional layer of security is to stop MFA fatigue attacks. These happen when a hacker who has managed to obtain your password triggers your MFA, possibly over and over again, hoping you'll just click 'confirm' without thinking about it, which would give them full access to your account. Typing in an extra number on the app confirms that you are aware that it was you who personally triggered the confirmation, and that you aren't confirming it for someone trying to hack your account.
Further information
We will be updating the MFA help pages to reflect this change in time for the introduction of this new security feature.
In the meantime, for general help with MFA, ask your local IT support in the first instance or check the MFA help pages which are packed with great, easy-to-follow advice. If you still have problems after that you can contact the central IT Service Desk.