Microsoft advises users to stop using SMS- and voice-based MFA

2020-11-12 13:23

Last year, Weinert noted that using any form of MFA is better than relying just on a password for security, as it "Significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population."

The SMS and voice formats aren't adaptable to user experience expectations, technical advances, and attacker behavior in real-time.

Support agents at companies operating publicly switched telephone networks can be tricked, bribed or coerced by attackers into providing access to the victims' SMS or voice channel.

The value of multi-factor authentication is not in question, but as more and more users adopt it, attackers will try come up with new ways to grab the needed OTP authentication codes.

Weinert advised users to, if possible, switch from SMS- and voice-based MFA to using app-based authentication.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/FYiAmmM_gik/

#MFA #microsoft

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		688	788	4519	4398	3624	13329