Technology
Logo
 

Microsoft tells users to stop phone-based multifactor authentication

IANS/San Francisco
Filed on November 12, 2020

(Reuters file)

Both SMS and voice calls can be easily intercepted by determined attackers.

Microsoft is asking its users to avoid telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.

According to ZDNet, Alex Weinert, Director of Identity Security at Microsoft has urged users to embrace and enable MFA for their online accounts.

Weinert said that if users have to choose between multiple MFA solutions, they should stay away from telephone-based MFA.

The executive also explained several known security issues, not with MFA, but with the state of the telephone networks.

Both SMS and voice calls are transmitted in clear text and can be easily intercepted by determined attackers. SMS-based one-time codes are also phishable via open source.

In addition, phone networks are also exposed to changing regulations, downtimes, and performance issues, all of which impact the availability of the MFA mechanism overall.

Weinert said that users should enable a stronger MFA mechanism for their accounts, if available, recommending Microsoft's Authenticator MFA app as a good starting point.





ERROR: Macro /ads/dfp-ad-article-new is missing!
MORE FROM Technology
MORE FROM Khaleej Times
CurrentRequestUnmodified: /apps/pbcs.dll/article?avis=KT&date=20201104&category=ARTICLE&lopenr=201109518&Ref=AR&profile=1041 macro_action: article, macro_profile: , macro_adspot:
 
 
 
 
 
KT App Download
khaleejtimes app

All new KT app
is available
for download:

khaleejtimes - android khaleejtimes - ios khaleejtimes - HUAWEI AppGallery