Unphishable mobile MFA through hardware keys (Security News, January 2023)
Passwords are a mess, MFA can be more of a stopgap than a solution to phishing, and running your own public key infrastructure for certificates is a lot of work.
Ironically, if you're a security-aware organization in a regulated industry that already did the hard work of adopting the previous gold standard - smartcards that hold a security certificate and validate it against a certificate authority on your infrastructure - you might find yourself stuck running ADFS as you try to move to the new FIDO keys.
Certificate-based authentication in Azure AD adds smartcard support to Azure AD, and now you can set a policy that requires phishing-resistant MFA for signing in to native and web-based apps on iOS and Android using FIDO security keys.
Using hardware keys lets teams provision certificates to remote workers, BYOD and other unmanaged devices - without having to move away from their existing infrastructure until they're ready.
As well as organizations getting better security, employees get a better experience: they don't have to make sure their mobile device connects often enough to have an up-to-date certificate, or deal with so many authentication prompts that they get MFA fatigue and just click yes on what might be a phishing attack.
Mobile Azure AD Certificate-Based Access is in public preview, and initially it only works with YubiKey security keys that plug into a USB port; Microsoft is planning to add NFC support, as well as more hardware providers.
News URL
https://www.techrepublic.com/article/mobile-mfa-hardware-keys/