Multi-Factor Authentication for people without a Smart Phone?

Steel Contributor

Howdy,

 

We have a couple people who don't have Smart Phones and need to use MFA.  We don't want to use a simple Text Message if we can and prefer to use something a bit more secure.  I found there is an Authenticator App for Windows 10 but it doesn't seem to work with O365 accounts.

 

Are there any sort of keyfob dongle or USB dongle thing that work with Office 365 that we can get for people who don't have smartphones?  I've used the kind where the number on the fob changes every minute just like an authenticator app would but that was many years ago.

 

If anyone knows something we can use to make this work, let me know.

 

Thanks!

9 Replies

Support for hardware tokens, FIDO and other methods is coming soon, as announced in this Ignite session: https://www.youtube.com/watch?v=Au7spkRcDFU

Passwords are the weakest link for security and your business. Learn about new and enhanced solutions that can help you provide secure, password-less options for your users to help protect your company from password spray, phishing and other attacks. Get the latest info and demos on what's new ...

I forgot to mention that we have a local AD system that syncs up to Azure AD.  I don't know if that changes anything or not.  We are using Exchange, Teams, etc in Office 365 have AD syncing.

 

Thanks.

I use WinAuth.exe on desktop/Laptop to create MFA for people without SmartPhone.

Works as a charm .

 

cheers.

Jan Swinkels

well if you are using your laptop / desktop to access o365 on the same machine winauth is running, you're not exactly using MFA :P.

Hi @VasilMichev , I have a customer with a similar situation wherein they would like to use UB keys , but they dont have an option to leverage that option at the time of configuration, wherein it still prompts the user to use the authenticator app .

@Rahul_SinghWe use the SafeID/Mini tokens from here:

http://www.deepnetsecurity.com/authenticators/one-time-password/safeid/

They work great for those that don't have, or don't want to use, a smartphone.

@Mike Boehm 

 

you may want to use 1Password. That has a client app or a browser addin that can generate OTP's

 

https://support.1password.com/one-time-passwords/

Come on Microsoft, my client is blind and uses voice for everything.  Please why cram authenticators down everyone's throat?  I understand the importance of two factor.
PLEASE ALLOW SKIPPING TO A PHONE CALL, TEXT, ALT EMAIL or SECRET PASSWORD like app password  to allow passage through the Monty Python MFA Troll Bridge.
The poor guy CANNOT SEE the Q-Code, much less enter the numbers if sent to an app. He can HEAR the codes if we can set it up for a phone call, or hear his alternate email when the PC or phone reads it to him.  I can turn off MFA in Azure, but rather not. 

fido or one time passwort(otp)