I installed Microsoft Authenticator a while back on my wife’s iPhone, and set it up with her outlook.com account along with some other accounts. Lately she has been getting requests from it to approve a sign in from a new device, which she has declined.
I decided to look into it today. I tried signing in to her outlook.com account from my browser, and was surprised to see that it sends out that request to her authenticator app without asking me to provide a password first.
I thought 2 factor authentication required both the password and the authenticator approval. Thus the “2 factor”.
But all that is required is for the phone’s Microsoft Authenticator app request to be approved, and then I was in her email.
I would like the correct password to be required first, and then the authenticator request sent.
As they say: “Something you know and something you have”
I’ve gone into the Outlook.com security settings but don’t see a way to make this happen.
Any ideas?
Thanks
