Microsoft wants you to stop using your phone as a security device

    Posted by Nigel Brown on 14 November 2020 at 10:57 am

    Move aside 2FA, it’s time for MFA (multi-factor authentication) solutions for security according to Microsoft, who are not renowned for their secure software.

    Both voice calls and SMS messages, which are used by 2FA solutions, are transmitted in clear text and can be easily intercepted, and SMS codes are also susceptible to phishing attacks.

    If you thought two-factor authentication (2FA) was great, Microsoft thinks otherwise. The company has been asking individuals to stop using 2FA tools that use SMS and voice calls instead of more secure modern technology.

    The standard 2FA works by sending a one-time code to a device of the user’s choice. That means that the account in question can only be accessed if the user has both the correct password and the one-time code.

    Microsoft’s director of identity services, Alex Weinert, however, stated in his blog post that the poor level of security surrounding telephone networks means that these types of multi-factor authentication solutions are severely lacking. Both voice calls and SMS messages are transmitted in clear text and can be easily intercepted, and SMS codes are also susceptible to phishing attacks.

    Weinert also added that changing regulations and performance issues make phone networks poor choices for security tools.

    Weinert explained: “Today, I want to do what I can to convince you that it’s time to start your move away from the SMS and voice multi-factor authentication mechanisms.”

    “These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today. That gap will only widen as MFA adoption increases attackers’ interest in breaking these methods and purpose-built authenticators extend their security and usability advantages,” he added.

    In his post, Weinert cautioned that as MFA (multi-factor authentication) solutions become more widely adopted, attackers will “increasingly focus on finding vulnerabilities that weaken their effectiveness”.

    He added that security-conscious individuals should adopt Microsoft’s Authenticator MFA app, or better yet, hardware security keys to protect themselves from attack.

    Until a more trusted company issues an app I will trust what I have now!
