Microsoft Warns Mobile Phone Users Against Highly Popular Multi-Factor Authentication Usage

If you are someone making use of multi-factor authentication solutions like SMS codes and voice calls, then you might want to reconsider.

Microsoft is currently urging users to adopt newer multi-factor authentication (MFA) technologies, such as app-based authenticators and security keys, instead of relying on the older, widely used and vulnerable methods.

Alex Weinert, the Director of Identity Security at Microsoft, has issued a warning in which he says users need to embrace advanced security measures such as MFA and enable it on all online accounts.


Last year, in a blog post on the same subject, Weinert cited internal statistics that Microsoft recorded over time, which showed that users who enabled multi-factor authentication (MFA) were able to block close to 99.9% of automated attacks against their Microsoft accounts.

Today, in a follow-up blog post, Weinert said that users choosing between the various MFA solutions available should stay away from the telephone-based ones.

According to the Microsoft executive, there are several security issues with the state of telephone networks, and therefore neither SMS nor phone calls should be relied upon for authentication purposes.

He explained that both voice calls and SMS are transmitted in cleartext and are not encrypted in any way. Thus, they can be intercepted by attackers who know what they are doing. Determined threat actors can use multiple techniques and tools, such as femtocells, software-defined radios or SS7 intercept services, to compromise accounts.

Weinert also mentioned that SMS-based one-time codes can be obtained by attackers through phishing as well. There are many readily available open-source tools, such as Modlishka, CredSniper and Evilginx, which make tasks of this nature very easy.


Furthermore, besides intercepting the cleartext, in the case of voice calls attackers can also use social engineering on phone network employees, tricking them into transferring phone numbers to the attackers' own SIM cards. This method is known as SIM swapping, and it allows attackers to receive MFA codes without breaking much of a sweat.

Lastly, and most importantly, the biggest reason not to rely on telephone-based MFA is that phone networks are constantly subject to changing regulations, performance issues, downtime and so on, all of which can affect the timely and regular availability of the MFA mechanism. It is therefore quite possible that users will sometimes be unable to authenticate to their accounts, even in a moment of urgency.

It’s important to note that SMS- and voice-based authentication are the most popular and widely used security methods employed by most companies nowadays.

So, what exactly should be the perfect replacements for the defunct MFA methods?

Well, Weinert suggests that users can get started with Microsoft’s Authenticator MFA app, as it is an excellent example of what a stronger and superior MFA mechanism is supposed to be like.

However, if you are not comfortable with Microsoft’s suggestion, you can also look at Google Authenticator.

If users really want to take their security to a whole new level, the Microsoft executive suggests they use hardware security keys, which he personally ranked as the best possible MFA solution in last year’s blog post.

All in all, it is well understood that passwords are no longer a viable way to secure your online identity, and while MFA solutions are also quickly being replaced by newer, more robust ones, one must always keep an eye out for the next best option available at the moment.

Do you use an MFA solution for your online accounts? If so, which one? Let us know in the comments down below.

