Microsoft wants you to stop using your phone as a security device

Microsoft is asking individuals to abandon two-factor authentication (2FA) tools that still use SMS and voice calls in favor of more modern security technology. 

Standard two-factor authentication solutions work by sending a one-time code to a chosen device. This means that a particular account can only be accessed if an individual is in possession of both the correct password and the one-time code.

However, Alex Weinert, Microsoft’s director of identity services, argues that the poor level of security surrounding telephone networks means these types of multi-factor authentication solutions are severely lacking. Both SMS and voice calls are transmitted in clear text and can be easily intercepted, while SMS codes are subject to phishing attacks. Changing regulations and performance issues also make phone networks poor choices for security tools.

Multi-factor authentication

“Today, I want to do what I can to convince you that it’s time to start your move away from the SMS and voice multi-factor authentication mechanisms,” Weinert explained. “These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today. That gap will only widen as MFA adoption increases attackers’ interest in breaking these methods and purpose-built authenticators extend their security and usability advantages.”

Weinert rightly cautions that as MFA solutions become more widely adopted, attackers will increasingly focus on finding vulnerabilities that weaken their effectiveness. He argues that security-conscious individuals should adopt Microsoft's Authenticator MFA app, or better yet, hardware security keys to protect themselves from attack.

Not that long ago, passwords were largely the only safeguards used for online solutions. But the security landscape has quickly moved on, and the question now is what the best multi-factor authentication (MFA) approach is.

Via ZDNet

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 
