Transcript
A wafrn woot (post) by @tinker@infosec.exchange saying “Microsoft Authenticator needs me to validate with Authenticator in order to log in with Authenticator to use it to authenticate another app with Authenticator. Here is the app telling me to open itself to validate itself with itself. #infosec #iHateComputers” It has a screenshot showing the microsoft authenticator app.
I broke my phone, and this actually happened to me. Google had set my old broken phone as a default passkey without my knowledge, back when they were rolling it out. My sim card was retrievable, so I used SMS to get in after my password. Turns out, that’s not good enough. It took me days to get into my idiotic accounts (including Google authenticator for work) because of all the security hoops, even with backup codes, password managers, and a SIM card.
My saving grace was Firefox Sync, which allowed me to get into Microsoft accounts and slowly start unwinding Google’s insane requirements.