Microsoft Authenticator not working

The Microsoft Authenticator is not working on my FP4?
The codes shown are not valid and get rejected. So right now I use my old phone to do Microsoft Authenticator. That’s quite annoying.
Has anyone experienced the same?
How can I get it solved?

For me the Microsoft Authenticator has always worked on my FP4.

If it’s not working at all for, maybe a quick check would be to uninstall the app and then install it again for a fresh start.

Maybe one question: IIRC usually when setting up an account in an authenticator app, one needs to enter one or sometimes several valid codes before the setup is complete.
Are your codes rejected during setup? Or was the setup successful and only later codes get rejected?

Ah, and while I’m typing, one more thing. AFAIK those codes need to have a synced clock between the service and your device. Is the date and time on your FP4 correct? After a quick web search it seems it all wont work if the phone clock is 30s off or more.

4 Likes

Thanks for your reply.
I actually just re-installed it because it was not working before either.
There is no problem to get it installed (because the codes needed come from my old phone).
After that - nothing worked. AGAIN
I have googled the time-sync-issue as well. But I have no clue on how to get it synchronized? So I gave up on this one?
Do you know how I synchronize the time?
I use the network provided time…

Regards M

If you need to (but looking at your screenshot I don’t think so), you could disable the Use network-provided time toggle and set your time manually then.

No solution, but an alternative:
It seems possible to use other apps for the authentication. If you have one installed already, you could disable the Microsoft app on your old phone and add your Microsoft account to the one on your FP4.
https://answers.microsoft.com/en-us/msoffice/forum/all/using-a-different-authenticator-app-for-2fa/9202e8b5-d859-445c-80fa-61c0e04a1ebf

This should work like @Ingo describes so you can’t lock yourself out of your account.

There are several open-source apps on F-Droid and in the PlayStore, like Aegis:

Be sure to include them in your backup, some services are really strict if you can’t pass 2FA.

2 Likes

Thanks for your reply
I actually have to use the Authenticator for my University (among others).
I have tried to install another app - but I am not technical enough to figure out how it works (I was so happy and very impressed when I got it working on my old phone :joy::joy::joy:). So I ended up deleting the other app again. :flushed:
I don’t dare to uninstall the app - what if I cannot get the other app working?

Looking at the screenshot the date/time settings seem ok to me.

There is no need to uninstall or deactivate a working app. For these 2FA methods that use a time-based one-time password you could in principle install as many apps as you like in parallel on as many devices as you like. They don’t interfere. Definitely keep the one that’s working and you’re good to go.

I personally use https://play.google.com/store/apps/details?id=com.authy.authy in addition to the MS Authenticator.
If you want to try that, after installing you have to tap the three vertical dots


And then you can “Add account” which lets you scan the qr-code you need.

3 Likes

I will try that - thx :blush:

1 Like

+1 for Aegis, works like a charm !

How do I create an account if I have no clue where to find the QR?

A word of caution. because the paragraph above is rather general and under some circumstances you wouldn’t be good to go while keeping a working 2FA entry on one device.
To be more precise what I meant: when you set up a 2FA for one service you can use the same QR code as often as you like, i.e. scan it with different apps/devices.
What does not work: set up 2FA on device A successfully and some time later set up 2FA for the same service on device B. That would create a different QR code. And by successfully setting up the 2nd one, it will invalidate the 1st one on device A.

How did you get the MS Authenticator App on your FP4 to display codes (even if those turn out not to work)?

This never happened to me. How many accounts do you have in the app? Does the problem apply to all of them? If you have only one, just delete it and set it up again.

BTW: I would recommend using Aegis instead of Microsoft or Google Authenticator. It is open source and can backup its database, which makes switiching phones much easier. No need to disable and re-enable all 2FAs. Also, you can protect access to the app itself, e.g., using your fingerprint sensor (biometrics). For pure Microsoft accounts it is a bit less comfortable, since you have to enter the OTP instead of simply confirming a notification, but for more than one account is is clearly the better solution.

Best wishes,
Thomas

2 Likes

Part of setting up a new 2FA is usually to “prove” to the service that the app generates codes correctly. For this purpose, a currently valid code has to be entered to finish the setup phase. Doing it this way ensures that the whole process was successful. I can’t guarantee that MS does it like this, but would be surprised if they didn’t. Can you say anything about what happens there for you? If you enter a code from your old phone to finish the setup of the new phone, this will usually not work as different codes are generated by both devices. It might either lead to an error and will (silently) keep using the old setup.
Special care has to be taken with those services that only support a single 2FA device at the same time: The old device/secret will automatically be invalidated in this case. Again: No idea how MS handles that.
For services that do this, you have to make sure to either keep the secret/QR code or setup all required devices/apps at the same time so that they share the same secret.

I am actually not sure?
Maybe that’s why it won’t work.
I think I used my mail and codes from the old phone? But Authy won’t let me do that…

I’m not sure how to help here.
My guess is first you need to check the documentation of the service how to do the 2FA setup, mainly where to initiate it on their page.

I actually have the same issue.
A couple of more things that maybe shed light on what might be happening:
I use Office 365 on my laptop and on my iPad, both of which have issues generating Authenticator notifications from my FP4.

  1. It starting happening after the latest OS update (end of August I believe), before that I did not have any issues
  2. I have now re-installed the MS Authenticator app several times
  • When setting up the 2FA using MS Authenticator for the first time, the first request for authentication (to confirm the app is generating responses) does come through, resulting in a successful setup of the App.
  • Any subsequent notifications however do not manage to get to the phone/App from my laptop
  1. The codes generated by the Authenticator app also do not get accepted as 2FA responses (which should normally work as this is the fallback when the phone is offline)
  2. Interestingly enough, when I access the office 365 environment through the browser on my phone, the notifications do make it through to the App. Which seems to suggest there is something off between the FP4 and the other devices.
  3. My phone takes the network time, less then 1 sec time difference between the phone and other devices.