Security News > 2022 > October > Text message verification flaws in your Windows Active Directory
While the use of text messaging goes a long way toward protecting an organization against cyber criminals who attempt to use stolen passwords as a way of gaining access to accounts, text messaging-based MFA has vulnerabilities of its own.
Risk of text message use in multi-factor authentication.
The problem with using text messaging as an MFA mechanism is that it assumes that only the recipient has access to the physical device to which the authentication code is being sent.
Imagine for a moment that an attacker has managed to infect a user's mobile device with malware and that this malware has revealed the user's Active Directory username and password to the attacker.
Despite the vulnerabilities associated with text messages, MFA remains an essential tool for keeping accounts secure.
Although Specops Secure Service Desk does support the use of a code that is sent to the user's device by way of SMS text message, there are other verification methods that can be used in place of or in conjunction with this code.