
When you send an SMS, it might be secure between your phone and your network, but once there it can bounce in plain text form between various SMS message centers inside various carriers en route from sender to recipient. The problem with SMS is that it’s built on an archaic architecture that sits inside the many cellular networks around the world. There are no viable alternatives that match its ubiquity and ease of use for the majority of us. But the simplicity of SMS passcodes that can be received by any phone has proven impossible to beat. The new SMS security warning came from Alex Weinert, Microsoft’s Director of Identity Security, who wrote in a blog post that “I want to do what I can to convince you that it’s time to start your move away from SMS and voice Multi-Factor Authentication (MFA) mechanisms.” SMS messages are open to compromise in a way that other forms of MFA are not. As Cyjax CISO Ian Thornton-Trump points out, no SMS MFA on Office 365, “is how even a U.S. federal agency was ‘pwned’ the entire attack could have been mitigated.” The biggest issue with MFA isn’t woeful SMS security, it’s take-up. Earlier this year, Microsoft confirmed that only 11% of its own enterprise accounts have multifactor authentication (MFA) enabled, that a million of those accounts are compromised monthly, and that any form of MFA, SMS included, would prevent 99% of those attacks. Microsoft’s warning is potentially dangerous and certainly ironic.
