Security News > 2022 > November > Microsoft hits the switch on password-free smartphone authentication

At its Ignite 2022 event last month, Microsoft announced general availability of Azure Active Director certificate-based authentication, addressing a component the Biden Administration's executive order last year to strengthen the US's cybersecurity.

Microsoft is now offering a public preview of Azure AD CBA on devices running Apple's iOS and Android that uses certificates on Yubico's YubiKey hardware security key.

Microsoft, along with others including Apple and Google, is pushing for passwordless authentication - and aims to fend off phishing attacks designed to get around multifactor authentication.

Vimala Ranganathan, product manager for Microsoft Entra, explained that the preview will give mobile device users a login method that supports Federal Information Processing Standards for anti-phishing MFA. "On mobile, while customers can provision user certificates on their personal mobile device to be used for authentication, this is primarily feasible for managed mobile devices," Ranganathan said.

To cut off all nearby phones with these Chinese chips, this is the bug to exploit We can't believe people use browsers to manage their passwords, says maker of password management tools Microsoft lures SMBs to Cloudy PCs by connecting them to Xbox accounts We were already secure enough for mass remote working before COVID-19, boast IT pros.

Roid devices enabled by the latest Microsoft Authentication Library won't need the YubiKey Authenticator app.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/07/microsoft_azure_phishing_mfa/