Security update for Microsoft Authenticator app used for MFA

Microsoft will be introducing a new security feature called ‘number matching’ to the Microsoft Authenticator app.

If you use this app for your multi-factor authentication (MFA) you will notice this change from 22 February 2023. Other authentication methods (such as the Authy app) remain unchanged. 

New Microsoft Authenticator process  

Following the introduction of number matching, anyone who uses the Microsoft Authenticator app will be shown an additional number on their Single Sign-On (SSO) login screen.

The Single Sign-On (SSO) screen on the computer shows new wording saying 'Open your Authenticator app and enter the number shown to sign in'. A number is shown underneath, which should be entered into the app before clicking on 'Yes'.

A number will be shown on your computer screen when logging into your Single Sign-On (SSO)

The Authenticator app will ask you to enter a number, which can be found on the Single Sign-On (SSO) screen on your computer. After doing this, click 'Yes' to complete the authentication.

Enter the number from your SSO login into the app and click on 'Yes'

The number shown on your SSO login (illustrated above) should then be entered into the notification on your app and confirmed by pressing ‘Yes’. This will confirm that it is you making the request and will complete the MFA approval process in Authenticator.  

Can't enter numbers in your app? 

If you do not have the option to input the numbers into your Microsoft Authenticator app when requested, it may be that you need to upgrade your Authenticator app to the latest version. This will not affect your second method of authentication, if you have this set up, which you will be able to use as usual.  

If you do not yet have a second MFA method set up, this is a great time to do so. We recommend that you explore the other available authentication methods and choose one that suits you best. If you lose or change the device you use for MFA, you will need a second authentication method in order to set up a new device.

Using Microsoft Authenticator on smart watches 

If you use Microsoft Authenticator on a smart watch for approvals, this will no longer be possible when number matching is introduced. We recommend removing the Microsoft Authenticator app from smart watches.  

Do I have to continue using the Authenticator app? 

The number matching feature is being added by Microsoft and we do not have control over this. You may choose to use a different authentication method as mentioned earlier in this article.   

If you have specific accessibility requirements and wish to discuss these with an expert, please contact the central IT Service Desk.

Why is this update happening?

Microsoft is changing how you use the Authenticator app to make it harder for hackers to access your account. In this case, the additional layer of security is to stop MFA fatigue attacks. These happen when a hacker who has managed to access your password triggers your MFA, possibly over and over again, hoping you'll just click 'confirm' without thinking about it, giving them full access to your account. Typing in an extra number on the app confirms that you are aware that it was you who personally triggered the confirmation, and you aren't confirming it for someone trying to hack your account.

Further information  

We will be updating the MFA help pages to reflect this change in time for the introduction of this new security feature.

In the meantime, for general help with MFA, ask your local IT support in the first instance or check the MFA help pages, which are packed with great, easy-to-follow advice. If you still have problems after that, you can contact the central IT Service Desk.