San Francisco: Microsoft<\/a> is asking its users to avoid telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.

According to ZDNet<\/a>, Alex Weinert, Director of Identity Security at Microsoft has urged users to embrace and enable MFA for their online accounts.

Weinert said that if users have to choose between multiple MFA solutions, they should stay away from telephone-based MFA.

The executive also explained several known security issues, not with MFA, but with the state of the telephone<\/a> networks.

Both SMS and voice calls are transmitted in clear text and can be easily intercepted by determined attackers. SMS-based one-time codes are also phishable via open source.

In addition, phone networks are also exposed to changing regulations, downtimes, and performance issues, all of which impact the availability of the MFA mechanism overall.

Weinert said that users should enable a stronger MFA mechanism for their accounts, if available, recommending Microsoft's Authenticator MFA app as a good starting point.

<\/p><\/body>","next_sibling":[{"msid":79190944,"title":"NetApp looking to onboard more Indian startups: Cesar Cernuda","entity_type":"ARTICLE","link":"\/news\/netapp-looking-to-onboard-more-indian-startups-cesar-cernuda\/79190944","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[{"msid":"79191357","title":"Microsoft","entity_type":"IMAGES","seopath":"telecomnews\/microsoft-tells-users-to-stop-phone-based-multifactor-authentication\/microsoft","category_name":"Microsoft tells users to stop phone-based multifactor authentication","synopsis":false,"thumb":"https:\/\/etimg.etb2bimg.com\/thumb\/img-size-67268\/79191357.cms?width=150&height=112","link":"\/image\/microsoft-tells-users-to-stop-phone-based-multifactor-authentication\/microsoft\/79191357"}],"msid":79191342,"entity_type":"ARTICLE","title":"Microsoft tells users to stop phone-based multifactor authentication","synopsis":"Microsoft is asking its users to avoid telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.","titleseo":"telecomnews\/microsoft-tells-users-to-stop-phone-based-multifactor-authentication","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":561,"shares":0,"engagementtimems":2683000},"Alttitle":{"minfo":""},"artag":"IANS","artdate":"2020-11-12 17:03:06","lastupd":"2020-11-12 17:06:49","breadcrumbTags":["Microsoft","Open-source model","ZDNet","Microsoft news","Telephone","Short Message Service","Internet"],"secinfo":{"seolocation":"telecomnews\/microsoft-tells-users-to-stop-phone-based-multifactor-authentication"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2020-11-12" data-index="article_1">

微软告诉用户停止电话多因素身份验证

微软要求用户避免在线多因素身份验证(MFA)解决方案通过手机发送一次性密码和语音通话,而代之以新的MFA技术,像app-based身份验证器和安全密钥。

题材影片

2020年11月12日更新是05:06点

旧金山:微软要求用户避免在线多因素身份验证(MFA)解决方案通过手机发送一次性密码和语音通话,而代之以新的MFA技术,像app-based身份验证器和安全密钥。

根据ZDNet,亚历克斯。维内特,微软已经敦促用户身份安全主管接受并使MFA网络账户。

。维内特说,如果用户选择多个MFA的解决方案,他们应该远离在线MFA。

执行也解释了几个已知的安全问题,不是艺术,而是用的状态电话网络。

短信和语音通话都是明文传输,很容易被攻击者决定。基于短信的一次性代码也phishable通过开源的。

此外,电话网络也面临改变规定,宕机,和性能问题,这些都影响整体MFA的可用性机制。

。维内特说,用户应该使一个更强大的MFA机制为他们的帐户,如果可行的话,推荐微软的身份MFA应用作为一个很好的起点。