Microsoft Warns Mobile Phone Users Against Highly Popular Multi-Factor Authentication Usage

Must Read

New RBI Guidelines Force You To Memorise All Of Your Card Details

It's time to get your brain prepped to do some much-needed homework and commit to memory the...

Bounce Layoff: Bike Rental Startup To Pivot Into New Vertical

Bike-rental startup Bounce has laid off a massive chunk of its workforce in a bid to survive...

Zomato Beefs Up Valuation Prior To IPO In Its Latest Fundraising Round!

Before heading to the stock market with an IPO, the homegrown food delivery startup Zomato beefs up...

If you are someone making use of multi-factor authentication solutions like SMS codes and voice calls, then you might want to reconsider.

Microsoft is currently urging users to adopt newer multi-factor authentication (MFA) technologies such as app-based authenticators and security keys instead of relying on the widely used older vulnerable methods.

Alex Weinert who is the Director of Identity Security at Microsoft, has issued a warning wherein he says users need to embrace the use of advanced security measures such as MFA and enable it on all online accounts.


Last year, Weinert, in a blog post about the same, cited internal statistics that Microsoft recorded over time which showed users who utilised or enabled multi-factor authentication aka MFA were able to successfully block close to 99.9% of automated attacks against their Microsoft accounts.

Now, today, in a follow-up blog, Weinert mentioned that if users have to choose between various MFA solutions that are available out there, they surely must make sure to stay away from the telephone-based ones.

According to the Microsoft executive, there currently lie several security issues with the state of telephone networks and therefore, both SMS and phone calls should not be relied upon for authentication purposes.

He explained that both voice calls and SMS get transmitted in cleartext and are not encrypted in any way. Thus, they can easily be intercepted by attackers who really know what they are doing. Determined threat actors can use multiple techniques and tools such as FEMTO cells, software-defined radios or SS7 intercept services to compromise your accounts easily.

Weinert also mentioned that SMS-based one-time codes could be obtained by malicious hackers using phishing as well. There are many readily available open-source tools such as Modishka, CredSniper and Evilginx, which can help accomplish tasks of this nature very easily.


Furthermore, besides intercepting the clear text, in case of voice calls, hackers can use social engineering tricks on phone network employees and then trick them into transferring phone numbers to their own SIM cards too. This particular method is known as SIM swapping, and it allows attackers to receive MFA codes without breaking much sweat.

Lastly and most importantly the biggest reason one must not rely on telephonic MFA services is because of the fact that phone networks are constantly subjected to changing regulations, performance issues, downtime and so on, which can impact the timely and regular availability of the MFA mechanism. Therefore, it is very much possible that users might not be able to authenticate their accounts sometimes, even if it is a moment of urgency.

It’s important to note that SMS and Voice based authentication process are the most popular and widely used security methods employed by most of the companies nowadays.

So, what exactly should be the perfect replacements for the defunct MFA methods?

Well, Weinert from Microsoft suggests that users can get started with the Microsoft’s Authenticator MFA app as it is an excellent example of what a stronger and superior MFA mechanism is supposed to be like.

However, if you are not comfortable with Microsoft suggestion, you can also look at Google Authenticator as well.

However, if users really want to up their security game to a whole new level altogether, the Microsoft Exec suggests they should use hardware security keys which he personally ranked as the best possible MFA solution out there in the last year’s blog.

All in all, it is well understood that passwords are no longer a viable way to secure your online identity, and while MFA solutions are also quickly getting replaced by newer more robust ones, one must always keep an eye out for what’s the next best possible option available at the moment.

Do you use an MFA solution for your online accounts? If so, which one? Let us know in the comments down below.


Please enter your comment!
Please enter your name here

Latest News

Facebook Continues Taking A Jab At Apple With New Marketing Campaign

Even after a month of attacking and accusing Tim Cook Zuckerberg is still very much fizzle out...

Xiaomi Levels Up On India Manufacturing: 99% Smartphones Are Made In India

Xiaomi really is digging its heels to live up to a commitment. One of the first adopters of the...

After SMS, WhatsApp Now Becomes A Threat To Cell Calling: 1 Billion And Counting

It already buried the SMSes in the ground. Now, traditional cellular calling is next on the hit list. The number of WhatsApp...

Flipkart Quickly Learns From the Mistake Amazon Did: Setting Up A Level Playing Field For Sellers!

Unlike Amazon which allegedly implemented unethical strategies to tackles India’s FDI policy for e-commerce marketplaces, Flipkart plans to do it right!

Facebook’s $1 Billion Commitment To The News Industry: An Effort To Defuse The Situation!

Barking dogs seldom bite! After agreeing to reverse the news ban for Australian users, now Facebook is finally...

New RBI Guidelines Force You To Memorise All Of Your Card Details

It's time to get your brain prepped to do some much-needed homework and commit to memory the 16-digit numbers from all of...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This