Skip to main content

Microsoft Authenticator Number Matching for MFA

January 18, 2023

Number matching is a key security upgrade to traditional MFA notifications. It provides additional context to the login and prevents MFA fatigue attacks.

Microsoft will start requiring number matching for all users of the Microsoft Authenticator mobile app starting February 27, 2023.

 

What does this mean for you?


If you are not using the Microsoft Authenticator mobile app for Multifactor Authentication, then you are not impacted by this change.

If you are using Microsoft Authenticator, when you log into LawKey and are prompted for MFA, you will be presented with a 2-digitnumberon your login screen. You will need to type that number into the Microsoft Authenticator app to complete the approval.

Number matching and additional context multifactor authentication example

 

Known issues:

Number matching isn’t supported for Apple Watch notifications. Apple Watch users need to use their phone to approve notifications when number matching is enabled.

If you are running an older version of Microsoft Authenticator that doesn’t support number matching, multifactor authentication will not work. You will need to upgrade to the latest version of Microsoft Authenticator to use it for sign-in. The minimum version required for Android is 6.2006.4198, and the minimum version for iOS is 6.4.12. You can view your current app version by clicking on the three dots or three lines in the upper-right corner of the Microsoft Authenticator app, selecting Help, and then looking for “Application version”:

 

Click the three dots or three lines in the upper right corner of the Microsoft Authenticator app.

 

Select Help.

 

Check the Application Version.

 

Some older versions of Microsoft Authenticator will prompt you to tap and select a number instead of entering the number in their Microsoft Authenticator app. These authentications won’t fail, but we highly recommend that you update to the latest version of the app to be able to enter the number.

If you are logging into Outlook mobile from the same device on which you’ve installed Microsoft Authenticator, your number matching pop-up window will include a “I can’t see the number” button (see image below). You can click “I can’t see the number” to temporarily hide the number matching pop-up window and reveal the 2-digit number blocked by the pop-up. The pop-up window will re-appear after a few seconds so you can type in the 2-digit number.

 

Microsoft Authenticator MFA number matching large font bug.