Pending Review

The embedded MFA signature embedded into the generated QR Code should be unique for each site

OWEN BRUNKER 2 months ago 0

I use Microsoft Authenticator for my MFA configurations.  When presented with a QR Code to scan, there is a text signature identifying the site, and a secret.  The text signature should be unique to the site, allowing for different codes to be generated for each site.

i.e.

cloud.screenconnect.com is one site

mycompany.screenconnect.com is another site.

I have attempted to set up a record for each site, only to accidentally lock myself out of cloud.screenconnect.com.


I set up cloud.screenconnect.com first.  I then set up MFA for mycompany.screenconnect.com

Because the signatures used for the two sites are the same, one overwrote the other.  This locked me out of cloud.screenconnect.com.

I don't like the idea of having a common secret between the two sites.  Either site requires its own login with a different password.  It is obvious that the secret for Authenticator should be different too.  So the text signatures between the two sites should also be different.

Thank you.
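The collision described in this request, as an added example that is not part of the original post or the vendor's code: it builds TOTP provisioning URIs whose label and issuer carry the instance hostname, and checks a set of URIs for entries an authenticator app would show under the same name. Assumptions: the QR code encodes a standard `otpauth://` key URI, the app keys entries on the displayed issuer and account, and the shared label `ScreenConnect`, the account name and all function names are constructed for illustration.

```python
import base64
import secrets
from urllib.parse import parse_qs, quote, unquote, urlsplit


def new_secret():
    """Fresh 160-bit TOTP secret, base32 encoded (one per site, never shared)."""
    return base64.b32encode(secrets.token_bytes(20)).decode()


def provisioning_uri(issuer, account, secret_b32):
    """Build an otpauth:// TOTP URI; pass the instance hostname as the issuer."""
    label = quote(f"{issuer}:{account}", safe=":@")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"


def entry_key(uri):
    """Return the (issuer, account) pair an app would display for this URI."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    label = unquote(parts.path.lstrip("/"))
    prefix, sep, account = label.partition(":")
    issuer = parse_qs(parts.query).get("issuer", [prefix if sep else ""])[0]
    return issuer, (account if sep else label).strip()


def find_collisions(uris):
    """Return every (issuer, account) key that more than one URI maps to."""
    seen, dupes = set(), set()
    for uri in uris:
        key = entry_key(uri)
        if key in seen:
            dupes.add(key)
        seen.add(key)
    return dupes


ACCOUNT = "user@example.com"  # constructed sample account
HOSTS = ["cloud.screenconnect.com", "mycompany.screenconnect.com"]

# Same label for both sites (constructed): the second scan replaces the first.
SHARED = [provisioning_uri("ScreenConnect", ACCOUNT, new_secret()) for _ in HOSTS]
# Hostname as issuer: each site gets its own entry and its own secret.
PER_HOST = [provisioning_uri(h, ACCOUNT, new_secret()) for h in HOSTS]

if __name__ == "__main__":
    print("shared label collisions:", find_collisions(SHARED))
    print("per-host collisions:", find_collisions(PER_HOST))
```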
