Don’t Enable Phone-based Multi-Factor Authentication, Says Microsoft

Phone based Multi Factor Authentication

Microsoft is urging users to stop using phone-based Multi-Factor Authentication (MFA) solutions, such as one-time security codes sent via voice calls and SMS, and to move to newer MFA technologies such as app-based authenticators and security keys.

Who said to stop using Phone-based Multi-Factor Authentication?

The warning not to use phone-based Multi-Factor Authentication comes from Alex Weinert, the Director of Identity Security at Microsoft Corporation. For the past year, Weinert has been urging users to enable Multi-Factor Authentication (MFA) for their online Microsoft accounts.

Why shouldn’t you use SMS-based Multi-Factor Authentication?

According to Microsoft's internal statistics, users who enabled multi-factor authentication (MFA) blocked almost 99.9% of automated online attacks against their Microsoft accounts.

But in his latest post, he asked Microsoft users to stay away from telephone-based MFA whenever they have other MFA solutions to choose from.

According to Weinert, attackers can easily intercept and read SMS messages and voice calls because they are transmitted in cleartext. Attackers can steal the codes by using tools such as SS7 intercept services, femtocells, or software-defined radios.

One-time codes could be phished

Attackers using open-source phishing tools like Modlishka, Evilginx, and others can steal your SMS-based one-time codes.

Most importantly, phone networks are also exposed to changing regulations, downtime, and performance problems, all of which affect the availability of the MFA mechanism overall and can prevent users from authenticating to their accounts in moments of urgency.


All these factors, such as phishable SMS-based one-time codes, downtime, and performance issues, make SMS and call-based MFA “the least secure of the MFA methods available today for Microsoft users,” said the Director of Identity Security at Microsoft.

The surge in MFA adoption is attracting more and more attackers

As MFA adoption increases day by day, attackers have more chances to intercept users’ data with different phishing methods and attack techniques.

So, Weinert advised users to use a robust MFA mechanism for their accounts to prevent online attacks. Additionally, he recommended Microsoft’s Authenticator MFA app.

But users who want the best MFA mechanism should go with hardware security keys, which Weinert ranked as the best MFA solution in a blog post he published last year.
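To illustrate why an SMS code typed into a look-alike page still works while a security key's response does not, here is an added example that is not from the original article or from Microsoft. It assumes the origin binding that FIDO2/WebAuthn security keys perform, uses an HMAC as a stand-in for the key's public-key signature, and all origins, keys and codes are constructed.

```python
import hashlib
import hmac
import secrets

REAL_ORIGIN = "https://login.example.com"         # hypothetical legitimate site
FAKE_ORIGIN = "https://login.example-phish.test"  # hypothetical look-alike site


class SecurityKey:
    """Stand-in for a hardware key: HMAC replaces the real public-key signature."""

    def __init__(self, credential_key: bytes):
        self._key = credential_key

    def sign(self, challenge: bytes, origin_from_browser: str) -> bytes:
        # The browser supplies the origin; the user cannot type or alter it.
        msg = challenge + origin_from_browser.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class Server:
    def __init__(self, credential_key: bytes):
        self._key = credential_key
        self.sms_code = f"{secrets.randbelow(1_000_000):06d}"  # sent by SMS
        self.challenge = secrets.token_bytes(16)

    def accepts_sms_code(self, code: str) -> bool:
        # Only the digits arrive; nothing records which page they were typed into.
        return hmac.compare_digest(code, self.sms_code)

    def accepts_assertion(self, assertion: bytes) -> bool:
        # Recomputed over the server's own origin, so any other origin mismatches.
        msg = self.challenge + REAL_ORIGIN.encode()
        expected = hmac.new(self._key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(assertion, expected)


def simulate(origin_user_is_on: str) -> dict:
    """Factors the real server accepts when the user completes MFA on this origin."""
    key = secrets.token_bytes(32)  # constructed demo credential
    server, token = Server(key), SecurityKey(key)
    typed = server.sms_code  # the user reads the SMS and types the digits
    assertion = token.sign(server.challenge, origin_user_is_on)
    return {"sms_code": server.accepts_sms_code(typed),
            "security_key": server.accepts_assertion(assertion)}


if __name__ == "__main__":
    print(simulate(REAL_ORIGIN), simulate(FAKE_ORIGIN))
```

The SMS code is accepted regardless of the page the user was on, while the key's response is accepted only when it was produced for the real origin.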

I am Muhammad Abdullah, an SEO Strategist at Intelvue. I have a very great interest in writing on the latest trends in the I.T. field, SEO things, and services on the Internet.