Transcript
A wafrn woot (post) by @tinker@infosec.exchange saying “Microsoft Authenticator needs me to validate with Authenticator in order to log in with Authenticator to use it to authenticate another app with Authenticator. Here is the app telling me to open itself to validate itself with itself. #infosec #iHateComputers” It has a screenshot showing the microsoft authenticator app.
This is where you’re supposed to run the find my phone from another device where you’re already signed in, such as your laptop at the hotel room. Or alternatively have one of your partner’s accounts as a backup 2FA method since your partner probably didn’t lose their phone at the same time.
If anyone can sign into the account and lock the phone as lost with just a username and password then the moment your username and password are breached/guessed your entire account is as good as gone
A lot of people here are treating me like I’m stupid when my only point really is that Google knows the one way I cannot recover my phone was with the phone itself so it’s not a smart design to offer that. Carrying more devices isn’t a real option either, so I get that technically it’s possible, but smarter people than I should’ve come up with something better by now. No one can carry or afford a backup phone.