Microsoft wants you to ditch SMS-based multi-factor authentication mechanisms

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,595
Content source
https://www.neowin.net/news/microsoft-wants-you-to-ditch-sms-based-multi-factor-authentication-mechanisms
With a large portion of people working from home in light of the ongoing pandemic, digital security and privacy has become more important than ever. And while we may not be observing the National Cyber Security Awareness Month (NCSAM) anymore, Microsoft has not given up on promoting cybersecurity initiatives.

Now, Alex Weinert, who is the Director of Identity Security at Microsoft, has penned a blog post highlighting the need to move away from multi-factor authentication (MFA) mechanisms which are based on publicly switched telephone networks (PSTN).

The executive has highlighted various reasons to let go of MFA systems based on PSTN such as SMS and voice. However, Weinert has emphasized that MFA itself is essential, it's just the way people use it that should change.

To that end, the executive has stated that mechanisms based on PSTN are the least secure MFA methods out there because practically every exploitation technique such as phishing and account takeover can still be carried out. This situation is only expected to get worse once attackers shift their interest to breaking MFA systems, which is dependent upon how much of the public use them. Furthermore, PSTN messages aren't adaptable to different users either, so the potential to further improve security via them is limited.
Click to expand...
Read the full article here at Neowin:
www.neowin.net

Microsoft wants you to ditch SMS-based multi-factor authentication mechanisms

In a new blog post, Microsoft has highlighted several vulnerabilities present in PSTN-based multi-factor authentication (MFA) mechanisms such as SMS, and encouraged transition to app-based MFA.
www.neowin.net www.neowin.net
Microsoft blog post:
techcommunity.microsoft.com

It's Time to Hang Up on Phone Transports for Authentication

Learn why we think it's time to move away from the SMS and voice Multi-Factor Authentication mechanisms.
techcommunity.microsoft.com
 
  • Like
  • Applause
Reactions: Protomartyr, ForgottenSeer 85179, upnorth and 4 others
You must log in or register to reply here.

Similar threads

Alexandre Ravelli
    • Like
    • Thanks
Serious Discussion Duo Authentication for Windows Logon and RDP
Replies
2
Views
392
Passwords and passkeys
Alexandre Ravelli
Alexandre Ravelli
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Retool blames breach on Google Authenticator MFA cloud sync feature
Replies
8
Views
1,664
News Archive
Sandbox Breaker
Sandbox Breaker
Ink
    • Like
    • +Reputation
Scams & Phishing News SEC confirms SIM Swap Attack on their X
Replies
7
Views
1,367
Security News
TairikuOkami
TairikuOkami

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top