Microsoft Asks Users to Stop Utilizing Phone-based MFA


Microsoft has urged users to stop using phone-based multi-factor authentication (MFA) solutions, meaning one-time passcodes (OTPs) sent through SMS and codes delivered by voice call. The company advises replacing them with stronger MFA methods such as app-based authenticators and security keys. Alex Weinert, Director of Identity Security at Microsoft, has consistently told users to adopt and enable MFA for their online accounts.

The deployment of MFA has helped reduce automated attacks by 99.9%. Even so, Microsoft prefers that users steer clear of telephone-based MFA. The main reason is that both voice calls and SMS messages are delivered in cleartext and can be easily intercepted. SMS codes can also be phished with tools such as Evilginx, CredSniper, or Modlishka.

Source: ZDNet