
Comment by mananaysiempre

5 hours ago

Access for those who used a Microsoft account and upload their encryption keys there. While I’m unhappy that most of the users end up using this (bad) mode, previously I was under the impression that there was a meaningful choice involved.

Microsoft has ensured the alternative is nearly impossible, constantly working to block any workarounds that users discover to use a local-only account. And it will even go so far as to silently reset the master recovery key if the original key couldn’t be uploaded (my coworker discovered this to his horror when finding out that not only had it changed his failsafe recovery key again, but also uploaded the wrong key to MDM—all data simply lost).

Yes, it does seem prudent to encrypt those keys some other way on the cloud and not add them to the cloud's accessible keys.

They also seem suitable for using a secret sharing scheme.

I have Microsoft authenticator requests all day every day. Using aliases has helped but somehow they continue. It's only a matter of time before somehow accidentally I approve.

Which has simply led to me not putting anything of high value in my Microsoft account and not using it for my email.

  • This happened to me too. The only solution I found was to disable authenticator on the account. Their implementation actively makes accounts less secure.