Microsoft Authenticator Has Design Flaw Causing Account Lockouts

TapTechNews reported on August 7th that, according to an August 5th report from CSONews, Microsoft's Microsoft Authenticator identity verification application has a design flaw that overwrites multi-factor authentication (MFA) accounts and causes them to be locked.

According to the report, Microsoft Authenticator has a problem with how it uses account fields. When a user scans a QR code to add a new account, the app often overwrites a previously added account, which causes that account to be locked.

Users are unlikely to attribute the problem to the Authenticator application; they will usually blame the page or service that is currently using Authenticator for authentication.

The core of the problem is that Microsoft Authenticator overwrites an existing account that has the same username.

Since usernames are generally email addresses, most of a user's accounts share the same username. Other authenticator applications such as Google Authenticator add information such as the name of the bank or car company to avoid this problem, while Microsoft Authenticator uses only the username field.
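A small model of the collision described above, as an added example rather than code from Microsoft Authenticator or from the original report. It assumes the scanned QR codes carry `otpauth://` key URIs with an issuer and an account label; the sample URIs and secrets are constructed, and the `username_only` and `issuer_and_username` keying functions are hypothetical.

```python
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample QR payloads; issuers, addresses and secrets are dummies.
SAMPLE_URIS = [
    "otpauth://totp/ExampleBank:alice%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=ExampleBank",
    "otpauth://totp/ExampleCars:alice%40example.com?secret=KRSXG5CTMVRXEZLU&issuer=ExampleCars",
    "otpauth://totp/ExampleBank:bob%40example.com?secret=MFRGGZDFMZTWQ2LK&issuer=ExampleBank",
]

def parse_otpauth(uri):
    """Split an otpauth:// key URI into (issuer, account, secret)."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth":
        raise ValueError("not an otpauth URI: %r" % uri)
    label = unquote(parts.path.lstrip("/"))
    prefix, sep, account = label.partition(":")
    if not sep:                      # label carries no issuer prefix
        prefix, account = "", label
    params = parse_qs(parts.query)
    if "secret" not in params:
        raise ValueError("missing secret")
    issuer = params.get("issuer", [prefix])[0]
    return issuer, account.strip(), params["secret"][0]

def username_only(issuer, account):        # hypothetical: models the reported flaw
    return account.lower()

def issuer_and_username(issuer, account):  # hypothetical: issuer is part of the key
    return (issuer.lower(), account.lower())

def enroll(uris, key_fn):
    """Scan each URI into a store; return (store, silently_replaced_entries)."""
    store, replaced = {}, []
    for uri in uris:
        issuer, account, secret = parse_otpauth(uri)
        key = key_fn(issuer, account)
        old = store.get(key)
        if old is not None and old["secret"] != secret:
            replaced.append(old)     # the earlier service's codes stop working
        store[key] = {"issuer": issuer, "account": account, "secret": secret}
    return store, replaced

if __name__ == "__main__":
    for fn in (username_only, issuer_and_username):
        store, replaced = enroll(SAMPLE_URIS, fn)
        print(fn.__name__, "entries:", len(store),
              "lost:", [e["issuer"] for e in replaced])
```

With the username as the only key, the second scan for the same email address replaces the first entry without any error, which is why the user only notices at the next login to the earlier service.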

What's even worse is that once an account has been overwritten, it is difficult for the system to determine which account was overwritten, which may lead to identity verification problems for both the newly created account and the overwritten account.

Users may also not try to use the previously created account until weeks or even months later, by which time the account has already been cancelled.
