Microsoft recommends users to stop using one-time passwords sent via SMS and voice calls
According to ZDNet, Alex Weinert, Director of
Weinert said that if users have to choose between multiple MFA solutions, they should stay away from telephone-based MFA.
The executive also explained several known security issues, not with MFA, but with the state of the telephone networks.
Both SMS and voice calls are transmitted in clear text and can be easily intercepted by determined attackers. SMS-based one-time codes are also phishable via open source.
In addition, phone networks are also exposed to changing regulations, downtimes, and performance issues, all of which impact the availability of the MFA mechanism overall.
AdvertisementWeinert said that users should enable a stronger MFA mechanism for their accounts, if available, recommending Microsoft's Authenticator MFA app as a good starting point.
Popular on BI
- Girish Mathrubootham, the son of a retired bank officer who built a $13 billion company in just 10 years
- A couple who traveled to 48 states in an RV share 17 things they would never go on a trip without
- The Taliban is bringing back executions and cutting off hands as punishment after retaking control of Afghanistan
- Ethereum’s scaling issues strike again as TIME Magazine’s NFTs sell for 30 times their price
- Best baby swing cradle and chair in India
- China's FUD drags down Bitcoin, Ether and other cryptocurrencies yet again
- The India Chapter of the International Advertising Association elects Megha Tata as its President for a second term
- The beer ‘cartel’ of Kingfisher, Budweiser and Carlsberg have to cough up ₹870 crore in fines