Security News > 2020 > November > Microsoft advises users to stop using SMS- and voice-based MFA

Microsoft advises users to stop using SMS- and voice-based MFA
2020-11-12 13:23

Last year, Weinert noted that using any form of MFA is better than relying just on a password for security, as it "Significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population."

The SMS and voice formats aren't adaptable to user experience expectations, technical advances, and attacker behavior in real-time.

Support agents at companies operating publicly switched telephone networks can be tricked, bribed or coerced by attackers into providing access to the victims' SMS or voice channel.

The value of multi-factor authentication is not in question, but as more and more users adopt it, attackers will try come up with new ways to grab the needed OTP authentication codes.

Weinert advised users to, if possible, switch from SMS- and voice-based MFA to using app-based authentication.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/FYiAmmM_gik/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400