Home / Tech / News / Stop using your phone as a security device, says Microsoft

Stop using your phone as a security device, says Microsoft

Both voice calls and SMS’, which are used by 2FA solutions, are transmitted in clear text and can be easily intercepted and SMS codes are also susceptible to phishing attacks.
Both voice calls and SMS’, which are used by 2FA solutions, are transmitted in clear text and can be easily intercepted and SMS codes are also susceptible to phishing attacks. (Pixabay)

Move aside 2FA, it's time for MFA (multi-factor authentication) solutions for security. 

If you thought two-factor authentication (2FA) was great, Microsoft thinks otherwise. The company has been asking individuals to stop using 2FA tools that use SMS and voice calls instead of more secure modern technology.

The standard 2FA works by sending a one-time code to a device of the user’s choice. That means that the account in question can only be accessed if the user has both the correct password and the one-time code.

Microsoft’s director of identity services, Alex Weinert, however, argued in his blog post that poor level of security surrounding telephone networks mean that these types of multi-factor authentication solutions are severely lacking. Both voice calls and SMS’ are transmitted in clear text and can be easily intercepted and SMS codes are also susceptible to phishing attacks.

Weinert also added that changing regulations and performance issues makes phone networks poor choices for security tools.

Also Read: 10 things to keep in mind when you are setting up a new password

Weinert explained - “Today, I want to do what I can to convince you that it’s time to start your move away from the SMS and voice multi-factor authentication mechanisms,”.

“These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today. That gap will only widen as MFA adoption increases attackers’ interest in breaking these methods and purpose-built authenticators extend their security and usability advantages,” he added.

Also Read: Have I Been Pwned, the site that tells you if passwords were breached, is going open source

In his post, Weinert cautioned that as MFA (multi-factor authentication) solutions become more widely adopted, attackers will “increasingly focus on finding vulnerabilities that weaken their effectiveness”.

He added that security-conscious individuals should adopt Microsoft's Authenticator MFA app, or better yet, hardware security keys to protect themselves from attack.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.