Microsoft Warns Mobile Phone Users Against Highly Popular Multi-Factor Authentication Usage

If you rely on multi-factor authentication methods such as SMS codes and voice calls, you might want to reconsider.

Microsoft is currently urging users to adopt newer multi-factor authentication (MFA) technologies such as app-based authenticators and security keys instead of relying on the older, widely used and vulnerable methods.

Alex Weinert, Director of Identity Security at Microsoft, has issued a warning in which he says users need to embrace advanced security measures such as MFA and enable it on all online accounts.


Last year, in a blog post on the same subject, Weinert cited internal statistics Microsoft had recorded over time, which showed that users who enabled multi-factor authentication (MFA) were able to block close to 99.9% of automated attacks against their Microsoft accounts.

Today, in a follow-up blog post, Weinert says that users choosing between the various MFA solutions available should make sure to stay away from the telephone-based ones.

According to the Microsoft executive, telephone networks currently have several security issues, and therefore neither SMS nor phone calls should be relied upon for authentication.

He explained that both voice calls and SMS are transmitted in cleartext and are not encrypted in any way. Thus, they can easily be intercepted by attackers who know what they are doing. Determined threat actors can use multiple techniques and tools, such as femtocells, software-defined radios or SS7 intercept services, to compromise accounts.

Weinert also mentioned that SMS-based one-time codes can be obtained by malicious hackers through phishing as well. Readily available open-source tools such as Modlishka, CredSniper and Evilginx make tasks of this nature very easy.


Furthermore, besides intercepting the cleartext traffic, hackers can use social engineering on phone network employees and trick them into transferring phone numbers to the attackers' own SIM cards. This method is known as SIM swapping, and it allows attackers to receive MFA codes without breaking much of a sweat.

Lastly, and most importantly, the biggest reason not to rely on telephone-based MFA is that phone networks are constantly subject to changing regulations, performance issues, downtime and so on, which can affect the timely and regular availability of the MFA mechanism. It is therefore quite possible that users will sometimes be unable to authenticate to their accounts, even in a moment of urgency.

It's important to note that SMS- and voice-based authentication are the most popular and widely used security methods employed by most companies nowadays.

So, what exactly should replace the defunct MFA methods?

Weinert suggests that users can get started with Microsoft's Authenticator MFA app, as it is an excellent example of what a stronger and superior MFA mechanism is supposed to be like.

If you are not comfortable with Microsoft's suggestion, you can also look at Google Authenticator.

However, if users really want to take their security to a whole new level, the Microsoft executive suggests they use hardware security keys, which he personally ranked as the best possible MFA solution in last year's blog post.

All in all, it is well understood that passwords are no longer a viable way to secure your online identity, and while MFA solutions are also quickly being replaced by newer, more robust ones, one must always keep an eye out for the next best option available at the moment.

Do you use an MFA solution for your online accounts? If so, which one? Let us know in the comments down below.

