Cybersecurity: Microsoft urges consumers to stop using phone-based multi-factor authentication

App-based authentication is more secure than phone-based multi-factor authentication (MFA) mechanisms, says company executive

Isola Moses | ConsumerConnect

To protect users of the tech giant’s range of online products and services, a Microsoft executive is urging consumers to move away from phone-based multi-factor authentication (MFA) mechanisms.

Instead, he advises that they embrace newer security technologies, such as app-based authenticators and security keys.

ConsumerConnect gathered that Alex Weinert, Director of Identity Security at Microsoft, disclosed in a blog post that app-based two-factor authentication provides greater security.

Weinert stated that telephone-based multi-factor authentication (MFA) solutions, including one-time codes sent via SMS and voice calls, are “based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today.”

According to the expert, “that gap will only widen as MFA adoption increases attackers’ interest in breaking these methods and purpose-built authenticators extend their security and usability advantages.

“Plan your move to passwordless strong auth now – the authenticator app provides an immediate and evolving option.”

On why MFA is ‘essential’, a report indicates that in 2019, Weinert penned a blog post in which he said that internal Microsoft statistics showed that users who enabled MFA blocked around 99.9 percent of automated attacks against their Microsoft accounts.

Still, in a follow-up blog post earlier in the week, the Microsoft executive emphasised that MFA itself is essential, adding that the way people use it should change.

If users have to choose between multiple MFA mechanisms, they should avoid phone-based MFA, which can be intercepted by attackers, he noted.

He stated that a good place to begin is by using Microsoft’s Authenticator MFA app. For even greater security, hardware security keys can be used.
