Add TOTP support to B2C (e.g. Google Authenticator)
Add support for TOTP (e.g. Google Authenticator) to B2C.
The current MFA support is very limited; SMS is already regarded as non-secure due to the lack of security in SS7 (https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin).
Support for TOTP (Time-based One-Time Password) should be added and is already widely available, e.g. support Google Authenticator. Please avoid a Msft ecosystem-only approach (e.g. only support Msft Authenticator - this is not as widely used).
Katz Sakai commented
Alex Weinert from Microsoft Identity Division says "It's Time to Hang Up on Phone Transports for Authentication"
Then, why don't you support TOTP as a built-in standard feature in Azure AD B2C?
Basil Twisleton commented
This seems possible with a Custom Policy, haven't implemented it yet though. Would be nice if it was integrated into the standard policies/configuration.
Sam Harris commented
Any updates on this? Timeline for implementation, etc?
Microsoft Authenticator, Google Authenticator, Authy