this post was submitted on 18 Sep 2023
488 points (99.2% liked)

Sysadmin

7566 readers
1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 1 year ago (2 children)

Hmm, by using Authy I wouldn't receive these. They'd just be asked for the current code and unable to proceed.

On the one hand I'm happy not getting spammed like you with 2fa requests. On the other, I think I'd like to know if any of my user/password pairs have been compromised.

[–] [email protected] 4 points 1 year ago

I imagine at some point it could be added to the Have I Been Pwned tool, which you can use to check for the presence of your credentials being in a data breach.

[–] [email protected] 3 points 1 year ago (1 children)

Tbh I am not sure what he is talking about. I didn't know Microsoft had 2FA by mail. They have their authenticator app, sms, physical key, windows auth (or whatever is called that the PC acts as key/2fa). I know of one case where you can get invited to an org and if you don't have an azure account the login is done by a mail they sent you, but I wouldn't call that 2FA. But I guess here is a mail version I didn't know about.

[–] [email protected] 2 points 1 year ago (1 children)

Oh you're right. I thought it was notification spam to the phone/watch that @Random_user was complaining about.

There is an email MFA method for Hotmail/LiveID accounts, but M365 doesn't have email as an authentication method. There's Authenticator Lite, which comes through as a notificataion through the Outlook App on the phone, though. Not so many organisations use it because it's fairly new and we've mostly been doing MFA for years by now.

[–] [email protected] 3 points 1 year ago

Pretty sure the person who said they are getting 2fa emails was meaning that they are getting email alerts from Microsoft that says "we blocked these logins. Were they you?"

Some service providers do this when they see large attempts to access accounts fail due to 2fa blocks.