Microsoft recommends using app-based authenticators and security keys instead.
Article by Catalin Cimpanu for Zero Day
Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.
The warning comes from Alex Weinert, Director of Identity Security at Microsoft. For the past year, Weinert has been advocating on Microsoft’s behalf, urging users to embrace and enable MFA for their online accounts.
Citing internal Microsoft statistics, Weinert said in a blog post last year that users who enabled multi-factor authentication (MFA) ended up blocking around 99.9% of automated attacks against their Microsoft accounts.
But in a follow-up blog post today, Weinert says that if users have to choose between multiple MFA solutions, they should stay away from telephone-based MFA.
The Microsoft exec cites several known security issues, not with MFA, but with the state of the telephone networks today.
Read the entire article at: https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/