FLORIDA — A Niceville reader feared she gave hackers access to her Microsoft account by approving a suspicious authentication request. In this week’s It’s Geek to Me, Jeff Werner explains how Authenticator works and how smart follow-up steps can keep your account secure.
Niceville.com Community Partner
QUESTION:
I think I did something very stupid yesterday. I received an unsolicited request from Microsoft Authenticator on my Android phone for my personal Hotmail account. Now, I receive Authenticator requests from my work email periodically to sign into those accounts which are valid. So, I thought this was the same thing.
I tried to actually get to my Hotmail account but I could not get past Authenticator and I somehow hit the “correct” number and approved the request. So, what I think I might have done is give a hacker access to my Microsoft account.
I changed my password immediately. I got on a chat session with Microsoft later yesterday. They checked my account and saw no unauthorized sign-ins. When I look at the activity on my Microsoft account, I do not see any successful sign-ins except from me.
Is there anything else that I can do to protect my account? I have two-factor authentication, but everything that I tested yesterday bypasses my Microsoft password and goes straight to Authenticator to allow access.
I am very grateful that I can still contact you with these types of questions. I miss your weekly column in our local paper. Thanks for all of your help.
– Mary Ellen M.
Niceville, Florida
Niceville.com Community Partner
ANSWER:
I think you are being a little hard on yourself, Mary Ellen. We all make mistakes, and I’ve heard some doozies in my time.
You didn’t fall for the old Nigerian Prince scam and give away your entire life savings. You didn’t believe a voice on the phone telling you he was your grandson, and pleading with you to send bail money but not to tell Mom. You didn’t fall for a message on your screen claiming a “critical error” and call a phony Microsoft 800-number and grant full access to your PC to someone claiming they are going to fix your problem while all the while they are working diligently to steal your personal data, lock your files, and implant malware.
You see, there are a lot of scams out there, and it’s quite difficult to avoid them all. I’ll talk more about that in a minute.
Let’s first explain what Microsoft Authenticator is, for my readers who may not be as familiar with it as you are, Mary Ellen. Authenticator is a free app for your smartphone that provides extra security for online accounts. It provides a central nexus for multi-factor authentication (MFA) allowing you to approve sign-in requests, store passwords and account information, and more.
You can use it to sign into your Microsoft, and other supported accounts using facial recognition, your fingerprint, a PIN, or a combination of these. It can automatically fill passwords for a variety of online accounts, easing the burden of signing into different sites and web services. It can even back up your account credentials and settings, making it easy to recover them on a new device.
When an app provides such a large variety of security services, it is a natural target for that class of people who are determined to make over the Internet from a wonderful place of free information interchange to a dangerous quagmire where one has to watch where they place every footstep, lest they get sucked down and under.
As I said above, it’s easy to make mistakes, but I have to tell you, Mary Ellen, it looks like you made a small mistake, but then proceeded to do everything right. You changed your password, which is almost always the first step to take when you think your credentials have been compromised. You then followed up with both Microsoft, and by doing personal scans of your account activity.
To directly answer your question, other than avoiding the mistake in the first place, I don’t think there’s anything else you could have done to ensure the integrity of your account data. All in all, I would say “Well done.”
Thanks for the kind words about the availability of my column. I just hope I can keep it up. See below for my latest plea.
– – – – – – –
Happy Birthday to Me! Yes, it was my birthday this week. You want to give me a present? Send me a question or two that I can use in the column!
In case you haven’t heard, my queue has been running on fumes for several months now. Without questions to answer, the column is heading for an early demise.
You can help prevent this tragedy! Visit the column’s website to get started. Like everything else having to do with I.G.T.M., it’s free, free, free. Isn’t that a great word?
To view additional content, comment on articles, or submit a question, visit my website at ItsGeekToMe.co (not .com!)
Jeff Werner, a software engineer based in Niceville, Florida, has been writing his popular “It’s Geek to Me” tech column since 2007. He shares his expertise to help readers solve everyday tech challenges.
