Originally Posted by supton
I haven't spent much time with it, but now realize that I've been conflating two different systems. At work we use MS Authenticator which lives on the smartphone. Now IT made it sound like they themselves had to be involved when I changed phones--but my tech savvy coworker says he's moved between phones and handled it himself--so I'm not sure to what extent it involves a third party. Seems like something I should be able to move by myself. But on my retirement stuff it is different in that it texts me a code which I then enter into the website, no app involved.
Two different systems. The MS one is annoying only because it's random, it seems, but it's probably doing it every 2 weeks. It's just that when it does it, I have to "approve" every location (?) and every device for that day.
Both systems are MFA. Many account providers will allow you to use either SMS or an Authenticator app; both have their pros and cons. The Authenticator app doesn't tie you to SMS, but if you lose your phone, recovering it can be problematic if you didn't properly secure the recovery code for each of the accounts being secured in this manner, and that in itself is a potential security issue. SMS is dramatically more simple, but, if somebody is [censored]-bent on getting your info and already has your password, SIM cloning/SMS hijack is possible.
Ultimately, as I stated earlier in the thread, both will protect you against the typical Russian/Chinese/Indian phishing scam, which, in my experience, is the most common means of having one's account hijacked.