My employer uses the MS Auth app. Now when logging in, it shows a number on the screen that you have to type on the app and then use the finger print. Before it used to be the fingerprint only. Seems like a relatively effective way to ensure people are not just approving everything prompted by the app.
Does anyone know what's the intention in doing this? The default behavior of OTP was afaik always to generate a code on the second device, and input that into the device you are trying to log in with.
I assume Microsoft felt the need to dumb this down so it's easier to just approve it with a click of a button, then after they realized this is bad (that pretty much anyone with a bit of security experience predicted) they now changed this to "input code on second device", instead of just reverting to the default behavior.
All of these are options that your company chooses from. It's possible to have it just show an approve button, to have it show a selection of 3 numbers, or to show the number entry box. Whether or not you are prompted for your password on the device you're logging into is also a decision that your company makes.
