Microsoft recommends users to stop using one-time passwords sent via SMS and voice calls
According to ZDNet, Alex Weinert, Director of
Weinert said that if users have to choose between multiple MFA solutions, they should stay away from telephone-based MFA.
The executive also explained several known security issues, not with MFA, but with the state of the telephone networks.
Both SMS and voice calls are transmitted in clear text and can be easily intercepted by determined attackers. SMS-based one-time codes are also phishable via open source.
In addition, phone networks are also exposed to changing regulations, downtimes, and performance issues, all of which impact the availability of the MFA mechanism overall.
AdvertisementWeinert said that users should enable a stronger MFA mechanism for their accounts, if available, recommending Microsoft's Authenticator MFA app as a good starting point.
- Over One lakh oxygen concentrators cleared by customs from April 24 to May 4
- Check out who all can travel to the US amidst uncertainty in international travel
- Water shortage might be on the way to worsen Delhi's COVID-19 crisis
- Himachal Pradesh government imposes curfew effective from tomorrow till May 16
- A third wave of COVID-19 will surely come and it may spread faster and wider but don't know when, says advisor to the Indian government