Transcript
A wafrn woot (post) by @tinker@infosec.exchange saying “Microsoft Authenticator needs me to validate with Authenticator in order to log in with Authenticator to use it to authenticate another app with Authenticator. Here is the app telling me to open itself to validate itself with itself. #infosec #iHateComputers” It has a screenshot showing the microsoft authenticator app.
It’s ultimately the challenge that 2FA is a combination of 2 of the following: something you have, something you are, or something you know. Or as a Cisco security engineer once put it in a talk, a combination of something you’ve lost, something you’ve forgotten or something you were at one time but are no longer.
Ultimately, authentication sucks and there’s really no better way to do it for individuals than just having multiple backup methods, which of course is more opportunities for account compromise. It’s a lose-lose-lose situation