Forum Discussion
luvsql
Mar 09, 2021 · Steel Contributor
MFA without a Cellphone
This is becoming a bigger issue more and more. We cannot, as a company, require our Employees to use a personal cellphone to get text codes or install work apps to authenticate our work accounts. ...
MadRegime
Oct 12, 2023 · Copper Contributor
According to Token2 it must be possible to set up a FIDO2 key without any other MFA (except for a TAP), but for me still no luck. Does anyone already have a proper solution? Microsoft Support cannot solve it either...
https://www.token2.com/site/page/office-365-protecting-user-accounts-with-fido2-keys-without-mfa?azure
it-lett
Nov 05, 2023 · Copper Contributor
Perhaps you could first set up an account using your cell phone, then add the FIDO2 key, then remove your cell phone?
In any case this has inspired me to start setting up TOTP for all our new accounts. For new hires, I have been setting up a KeePass file for them with all their business passwords and other info (server accounts, MS account info, etc.) which can be read by a variety of software on various platforms (KeePassXC, Strongbox on macOS and iOS, Keepass2Android on Android, etc.) and each of these platforms can also generate TOTP keys when given the appropriate "shared secret". I think for the new hires I will get that info into their file right from the get-go and they can use it for MFA in addition to or instead of the other methods available to them.
- triwyn · Nov 30, 2024 · Copper Contributor
I like the hell out of this idea! How's this going a year later? Anything you'd change?
- MadRegime · Feb 07, 2024 · Copper Contributor
Eventually I have managed to get it working to have the user set up a FIDO2 key with only the TAP/OTP as MFA method. The user can log in with that TAP and register the FIDO2 key after that.