Why is Screen Lock Password Required Every Time?

  • Question

  • Every time I get a notification from the Microsoft Authenticator app to approve a sign in, when I tap "Approve" I am then prompted for my phone's screen lock password. Is this expected behaviour? It seems very tedious, and unnecessary since I've already unlocked my phone in order to approve the sign in.

    If this behaviour is not normal, does anybody know how to stop the app prompting me for my password every time?

    Monday, September 11, 2017 8:41 AM

All replies

  • Hi Phil,

    You are right, it is a by design behavior.

    The Microsoft Authenticator app provides two-step verification.

    There are two scenarios:

    If we log in to an Azure account on the Azure portal, the portal requires a password; in this scenario we can approve the push notification above the lock screen.

    If we log in to a Microsoft account without entering the password (the browser remembers your password), we should unlock the screen and then approve it.

    All of these are by-design behaviors: two-step verification means the password plus approving the notification, or the password of the device plus approving the notification.

    Best regards,

    Jason


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 12, 2017 5:43 AM
  • Thanks for your answer Jason, that makes sense, except that I'm getting asked for my phone's password even when my phone is already unlocked. Even when I'm already in the Microsoft Authenticator app, in fact! Seems a bit excessive to me!
    Tuesday, September 12, 2017 9:06 AM
  • Hi Phil,

    For example, if your phone is unlocked and your friend gets it and tries to log in to your Microsoft account, in this scenario he will log in to your account.

    But if the Microsoft Authenticator app requires the password of your phone, your friend will not be able to log in to your account.

    This design is for security.

    Best regards,

    Jason



    Tuesday, September 12, 2017 9:19 AM
  • As of today, Sept 28th 2017, with Authenticator 6.2.1 on Android (7.1), the Authenticator would do the following upon receiving a login request (when a password is provided from the web login):

    1. Allows approval action to be carried out against the request without unlocking the phone.  And,

    2. Unlocks the phone automatically without requiring the user to authenticate through the configured factors on the phone.

    Number 2 is a major flaw in the design of the Authenticator as it compromises the authentication factor / posture configured on the phone, whatever that factor might be.

    This exposes the data on the phone by knowing a factor/password that isn't part of the phone's authentication factor. I.e. me knowing a password to Hotmail shouldn't bypass the PIN factor configured on the phone, which compromises the phone's data.

    There doesn't seem to be a configurable option in the Authenticator to change this behaviour.

    In short, this is kind of like "I have a key to my house...and with this house key, I can unlock my deposit box at the bank even though the bank has its own security measures"

    • Edited by Chatbox1024 Friday, September 29, 2017 5:50 AM
    Friday, September 29, 2017 5:48 AM
  • I have version 6.2.1 of the app on Android 7.0 and I can confirm that when I try to use the Authenticator app instead of a password, tapping on the notification on my phone does not unlock it, nor am I able to authorise the request without unlocking my phone. In fact, even after I've unlocked my phone with my fingerprint, when I then approve the login request I am prompted to enter my phone password in full, which is the stupid gripe that I had when I started this thread in the first place.

    Friday, September 29, 2017 9:09 AM
  • I totally agree with Phil, and agree that this option is not only redundant but stupid. What's more amazing is the fact that 2 whole years have passed since this stupidity was highlighted but still design and decision makers at MS still haven't figured out why they should not save their users the hassle of entering the phone password AGAIN, when the phone was unlocked with the phone's password by its owner. If people @MS are arguing the highly unlikely event of someone else having your phone and also your password, and is trying to approve the Outlook login, then maybe they should have access to the goddamn account, if the owner is a retard enough to not keep the phone with him at all times or incapable of keeping its passcode secret.
    Seriously, are we the only users bothered by this? Didn't MS receive enough feedback already to revert this redundancy? If it wasn't for the OneDrive pricing / offers, I would have dumped MS for ever. As it is their OS is an eternal mess, and full of similar stupidities and disconnects. (Now we have both the Control Panel and the Settings, as if both couldn't be merged to give their users a seamless experience. And this is just the tip of the iceberg). If only I was in charge of approving or amending MS OS design flaws.
    Waiting for the day Apple can launch a decent MBP, so that I can finally make a complete ecosystem move.

    Friday, June 28, 2019 7:00 AM