Microsoft calls time out on Apple Watch Authenticator
Using an Apple Watch as a device to authenticate access to enterprise sites and services using Microsoft Authenticator is a convenience that’s about to go away. Microsoft says the feature will stop working after an Authenticator update scheduled for next month.
Microsoft Authenticator makes it easy to sign into Microsoft accounts, supported apps or services using two-step verification. Authenticator also generates one-time use codes, so you needn’t wait for text messages or calls to access your accounts.
Sites, software, and services use two-factor authentication (also known as multifactor authentication), to prevent people from accessing your accounts, even if they know your passwords.
The decision to remove support means the Authenticator you may already use with your Watch won’t work anymore. And it will no longer be possible to download the app for the popular wearable. (Authenticator will continue to work with your iPhone, though.)
Microsoft has said the removal of support is because Apple Watch will no longer support some Authenticator security features. As I understand it, this probably relates to the Number Matching Microsoft will enforce in Authenticator beginning in February; that isn’t supported for Apple Watch.
On a support page explaining the move, Microsoft said:
“In the upcoming Authenticator release in January 2023 for iOS, there will be no companion app for watchOS due to it being incompatible with Authenticator security features. This means you won’t be able to install or use Authenticator on Apple Watch….”
“This change only impacts Apple Watch, so you will still be able to use Authenticator on your other devices.”
The affect of the change is likely limited. Not only will it remain possible to use iPhones with Authenticator, but there are also alternative systems that can work along side Microsoft’s. And we know Apple, Microsoft, Google, and others want to replace passwords with Passkeys.
The latter promise to deliver a more convenient and secure alternative for security; it seems inevitable that biometrics, such as with Apple Watch, will eventually form part of that future. Watch this space.
Meanwhile…
Apple now has an authentication tool built into iOS you can access and use in Passwords inside Settings, though this may not be enough to replace Microsoft’s own security. There are alternative tools to handle two-factor authentication that do still offer an Apple Watch app. Authy is one such tool, but it may not be acceptable at your company since it lacks support for MSAuth notifications.
If the alternative works within your own company security policy, Authy can be set up to replace Authenticator while still policing access to Microsoft services. The process of doing so is described in an Authy tech support note, available here. There’s also an extensive Reddit discussion on alternatives to Authenticator (including some criticism of available options) here.
There are also other alternatives that work with the iPhone, some of which don’t necessarily offer Apple Watch apps, including, Google Authenticator, LastPass, WatchGuard, Auth0.
There are two ways to delete the app from your Watch once it becomes useless, one using the watch, the other using your iPhone.
Follow these steps to delete an app on the watch:
To delete the app on your iPhone, open Watch>My Watch and scroll down the page to find Authenticator, tap it, and turn off Show App on Apple Watch.
Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.