
Friday, November 13, 2020

Microsoft Warns about Dangers of MFA on Phones

This was mentioned in a recent conversation about multi-factor authentication (MFA), especially using your phone as a means of MFA. Good warning. Includes links to other posts about the topic.

Microsoft Is Warning Against Using This Common Way of Protecting Your Most Important Accounts

Those six-digit text message codes aren't as secure as you think.

By Jason Aten, Tech Columnist, in Inc


If you're using your phone for multi-factor authentication (MFA) to keep your important accounts safe, Microsoft has a warning for you. We'll get to that in just a second, but first, let's be clear on what we're talking about. MFA is an additional level of security beyond just a user name and password. For example, it's when your bank sends you a text message with a six-digit number that you have to enter on the website in order to get access to your accounts. 

The idea is that if someone were to get access to your user name and password--either through some kind of data breach, or simply because they were able to crack it--your account would still be safe since presumably only you would have access to the code sent to your phone. The problem is, that's not necessarily true. 

That's why Microsoft is warning people that while using text messages or phone verification as a form of MFA is better than nothing, it isn't as secure as you might think. That's because your phone number can be hacked, spoofed, swapped, or stolen. 

Specifically, Alex Weinert, Microsoft's director of identity and security, wrote a blog post encouraging people to stop using their phone number for MFA. Weinert points out several reasons, including that SMS messages are not encrypted and that hackers have gotten very good at SIM-swapping. .... "
