Microsoft Account with 2FA + Enpass App

[PepeCZ 5]

Guys good feature for future will be if we can add 2FA into Enpass for Microsoft Accounts.

Now is this last one my account where I must using Microsoft Autenticator, because this is my last one 2FA which Enpass not support.

Ps, two years back I used for 2FA only Microsoft Autenticator with cloud save. But as Enpass released this feature directly into Enpass so I start migrate and now I miss this last one. So I hold Enpass team fingers for some solution (Microsoft Account with 2FA + Enpass).

[PepeCZ 5]

Because If I open Microsoft Autenticator for Microsoft 2FA, so here is right 4 NUMBERS + 4 NUMBERS

But when I added Microsoft 2FA into Enpass, so in this app are only 3 NUMBERS + 3 NUMBERS

[Pratyush Sharma 98]

Hi @PepeCZ,

Thanks for your suggestion.

We have noted down your valuable suggestion and forwarded it to the concerned team for further consideration. Thanks for your feedback!

[brunovieira97 1]

I don't understand this feature request. Microsoft accounts are compatible with 6-digit TOTPs that Enpass generates. I use it for all my Microsoft accounts (personal, work, school).

If Microsoft Authenticator generates another pattern for TOTPs (such as aforementioned 8-digit), that's a completely different question: it's a Microsoft app that uses a specific standard.

I suggest @PepeCZ to simply disable 2FA on the MS Account and set it up using the option for a generic app (typically they relate this to a Google Authenticator icon), it's all compatible. 

[PepeCZ 5]

@brunovieira97 Yes, Microsoft account is compatible with 6digit, but why not use 8digit in enpass app, for example same as in Microsoft Autenticator.
I mean if exist any method, how improve application Enpass in this, for use 8digit for Microsoft account, so I am definitely in favor of this improvement.

[brunovieira97 1]

@PepeCZ as I said in my previous comment, I believe that would not be possible to achieve.

You see, TOTPs (the numeric codes) follow a standard that allows a 6-digit or 8-digit number to be generated. When you go to Microsoft's website and set up your 2FA, they give you 2 ways to do so:

1. Use the MS Authenticator app and its proprietary format, generating 8-digit TOTPs
2. Use a generic authenticator app, such as Google's, Enpass' and so on, generating 6-digit TOTPs

Going from 6-digit to 8-digit is fairly simple: you would just generate a URI (or QR Code for it) containing digits=8 as a parameter. So Google Authenticator, Enpass, and all of those aforementioned generic apps would give you 8 digits. But Microsoft doesn't do that. I have just edited my MS account on Enpass and confirmed Enpass does support 8-digit TOTPs.

But if you compare the 8-digit ones that Microsoft uses with third-party apps to the ones generated in their proprietary app, you will see that they don't match up. Microsoft uses a different algorithm for their proprietary app, and when you log in and give you the TOTP, they will only accept:

1. 6-digit from generic apps (using the standard algorithm)
2. 8-digit from their proprietary app (using their own unique algorithm)

If Microsoft gives you a QR for 6-digit on any app that's not their own, you can't use 8-digit.