Microsoft Authenticator brings two-factor logins to your Apple Watch

Two-factor authentication on Microsoft platforms doesn’t have to be a pain in the rear end. That seems to be the takeaway from Microsoft’s Monday announcement of a new authenticator app, the eponymous Microsoft Authenticator, that’ll debut for “all major mobile platforms” on August 15.

The new app is a merger of what was previously several, essentially. Under the old system, Microsoft demarcated two-factor business and personal accounts along a very clear line: Microsoft accounts (MSAs) on the one end, and Azure Active Directory (Azure AD) on the other. The two categories of customers lived within their siloed ecosystems, and everything, in theory, puttered along just splendidly.

But that wasn’t the case in practice. As Neowin notes, Microsoft had no fewer than four two-factor authentication apps across mobile: Azure Authenticator app on iOS, Authenticator for MSAs on Windows, and Microsoft Account on the Play Store. ddly, iOS lacked any form of app for managing MSAs. It wasn’t pretty, needless to say.

That’s why Microsoft’s starting fresh with Microsoft Authenticator, which Microsoft Identity Division’s Alex Simons said “combines the best parts of our previous authenticator apps into a new app.” The app’s biggest benefit? The ability to log into both MSAs and Azure ADs from a single interface. But that’s not the only improvement it has in tow. The user interface has been refreshed, and it’s gained support for one-click push notifications: initiate a login and you’ll get a message on your mobile with an “approve” button. Hit it, and you’re free to continue on your merry way.

There’s more. Microsoft Authenticator supports wearables, for better or worse — you can use an Apple Watch or Samsung Gear smartwatch to “approve MFA challenges.” Enterprise users can sign in using certificates now, too, but not to worry if you prefer biometrics to a PIN, passcode, or file: The new app supports fingerprint-based approvals on Android and iOS.

There are a few quirks of note. In terms of wearable approvals, Microsoft’s own Band and Band 2 won’t be supported, initially — Microsoft told Neowin that Band support is “one the roadmap” — and neither will devices running Google’s Android Wear operating system. And fingerprint support apparently isn’t in the cards for Windows Phone users, at least at launch. But that may change with the debut later this year of HP’s Elite x3 — the first Windows Phone device with an active fingerprint sensor.

The new authenticator app will replace Azure Authenticator in the form of an update, as will the Microsoft Account app on Android. Existing accounts will be “automatically upgraded,” Microsoft said.