Most people use a password manager to store passwords, but did you think about recovering your passwords when you lost all your devices? How to get into your password manager when Multi-Factor Authentication is enabled? If you are using the Microsoft Authenticator app, you might want to look at the recovery feature.
Before I tell you why I switched to another authenticator app, I will go through some of the missing features in the Microsoft Authenticator app.
Microsoft Authenticator Missing Features
I am a long-time user of the Microsoft Authenticator app, but some missing features do not make sense. Why can I not search for an entry, for example? Having so many accounts makes me miss a simple search feature. Sure, I can order the entries, but I would like to have a search box better. Why is there no auto-order option either? Manually ordering all entries is a pain, and a simple auto-order would be nice.
I am missing the option to view the token seed of an entry as well. If I could back up a token seed, I can recover a single verification code. The possibility for an encrypted export would also be a desirable feature.
Simple features like icons are not a must but would be a welcomed feature. My biggest concern, though, is the backup and recovery feature.
Microsoft Authenticator Backup and Recovery
When using an iOS device, you will need an iCloud account and a personal Microsoft account to back up the Microsoft Authenticator. When I lose all my devices due to theft or a natural disaster, I can not access my iCloud account since my iCloud account needs Multi-Factor Authentication, which I am trying to restore. The same goes for my personal Microsoft account. So restoring the Authenticator backup is a challenge. I can write down the password for these accounts, but I am still missing Multi-Factor Authentication, and I do not want to have weaker Multi-Authentication methods like text messages.
Let us say I lost all my devices due to theft or any natural disaster. The first thing I would like to access is the password manager to access my passwords. My current password manager contains three pieces of information: An account, a master password, and a recovery code.
I enabled the account with Multi-Factor Authentication, which I did not recover yet. To recover the backup for the Microsoft Authenticator app, I will need my iCloud and personal Microsoft account. The password manager contains the passwords for both accounts. I cannot access my passwords since I do not have access to the password manager due to Multi-Factor Authentication.
A simple fix would be to back up the token seed for those accounts, which I can write down and store in a secure place, but the Microsoft Authenticator app does not support that.
Recovering an iCloud and personal Microsoft account with Multi-Factor Authentication enabled is not that easy either due to a strict process, if it is even possible.
I created an overview to see what I need to recover my passwords when Multi-Factor Authentication is enabled:
Maybe it is an idea to create the same to see if you do not lock yourself out when recovering all your passwords.
All missing features mentioned above are available in the Raivo OTP app, but most importantly, I can back up a single token seed for a single entry. With this single token seed, I can recover my iCloud account, which contains the encrypted database for Raivo OTP. The only thing I need to write down is:
- The recovery code for my password manager
- The iCloud token seed for Multi-Factor Authentication recovery
If I write down the recovery code for my password manager and the token seed for my iCloud account, I can recover all my passwords with Multi-Factor Authentication enabled.
I want to end on a positive note. Microsoft Authenticator does have excellent features like push notifications, notification when an authentication method got deleted from my Microsoft account, and Apple Watch support. Even though these are fantastic features, I switched to the Raivo OTP app by Tijme Gommers for all my verification codes due to the backup and recovery feature.
Please rethink if you can recover all your passwords from your password manager and all account with Multi-Factor Authentication enabled.