Microsoft Authenticator has a major flaw: a new account added via QR code can overwrite an existing account, causing significant frustration and potential lockouts for users. The issue stems from Microsoft using only usernames to identify accounts, unlike other apps that also include issuer names. This has led to widespread complaints dating back to 2020, with workarounds such as manually entering codes or using other authentication apps recommended. Microsoft dismisses the problem as a feature and blames users and issuers for not including issuer names. The company’s reluctance to fix the issue has left security experts questioning why anyone would choose Microsoft Authenticator.
https://www.csoonline.com/article/3480918/design-flaw-has-microsoft-authenticator-overwriting-mfa-accounts-locking-users-out.html
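
The collision described above can be reproduced with a simplified model of an authenticator's account store. This is an added example, not code from the article or from Microsoft. It assumes the QR codes carry the common `otpauth://` key URI format, and the issuer names, account name and secrets are constructed sample values.

```python
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample QR payloads (otpauth key URI format); secrets are dummy values.
SAMPLE_URIS = [
    "otpauth://totp/ExampleBank:alice%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=ExampleBank",
    "otpauth://totp/ExampleMail:alice%40example.com?secret=GEZDGNBVGY3TQOJQ&issuer=ExampleMail",
    "otpauth://totp/alice%40example.com?secret=MFRGGZDFMZTWQ2LK",  # issuer omitted
]

def parse_otpauth(uri):
    """Return (issuer, account, secret) from an otpauth:// URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth URI")
    label = unquote(u.path.lstrip("/"))
    params = parse_qs(u.query)
    prefix, sep, account = label.partition(":")
    if not sep:  # label has no "Issuer:" prefix
        prefix, account = "", label
    issuer = params.get("issuer", [prefix])[0]
    secret = params.get("secret", [""])[0]
    if not secret:
        raise ValueError("missing secret")
    return issuer, account.strip(), secret

def enroll(uris, key_fn):
    """Store each account under key_fn(issuer, account); report overwrites."""
    store, overwritten = {}, []
    for uri in uris:
        issuer, account, secret = parse_otpauth(uri)
        key = key_fn(issuer, account)
        if key in store and store[key]["secret"] != secret:
            overwritten.append((store[key]["issuer"] or "(none)", issuer or "(none)", account))
        store[key] = {"issuer": issuer, "account": account, "secret": secret}
    return store, overwritten

def by_username(issuer, account):
    # Hypothetical keying that models the behaviour the article describes.
    return account.lower()

def by_issuer_and_username(issuer, account):
    # Hypothetical keying that keeps the issuer, as the article says other apps do.
    return (issuer.lower(), account.lower())

if __name__ == "__main__":
    for name, fn in (("username only", by_username), ("issuer + username", by_issuer_and_username)):
        store, lost = enroll(SAMPLE_URIS, fn)
        print(f"{name}: {len(store)} stored, {len(lost)} overwritten")
        for old, new, acct in lost:
            print(f"  {acct}: secret from {old} replaced by {new}")
```

Keyed on the username alone, the three enrollments collapse into one entry and the first two secrets are lost; keyed on issuer plus username, all three survive.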