Multifactor authentication needs a more robust method than voice and text messages, Microsoft indicates.
In a blog post, Alex Weinert, director of identity security at Microsoft, has advocated for a shift towards the widespread use of multi-factor authentication (MFA) to enhance security. Weinert, who has previously warned that passwords are losing relevance, has identified SMS and voice as unreliable second factors for MFA because they are based on the public switched telephone network (PSTN), which makes them the least secure options.
Robb Reck, CISO at Ping Identity, echoes this sentiment. Reck urges a shift towards using mobile devices as the best option to confirm identity, citing the convenience and customized experience that apps provide compared to voice, SMS, or the mobile device's browser. Using an app, Reck believes, will help organizations reach a tipping point where passwordless flows can be implemented based on user behavior and risk, a move that promises improved security and increased user engagement.
However, while MFA adds layers of defense, an easily exploitable second factor can leave even the most secure passwords vulnerable. Weinert has issued a call to develop more secure methods of confirming identity or lean on app-based alternatives.
Weinert's stance is supported by statistics. The compromise rate for users of any type of MFA is less than 0.1% of the general population, according to Weinert. This underscores the large gap in compromise rates that MFA can address.
Despite the benefits, it's worth noting that many parts of the world and significant demographic populations in the U.S. have not yet reached critical mass in the use of smartphones to eliminate the need for passwords. This presents a challenge, but also an opportunity for innovation in developing secure and accessible MFA solutions.
Robb Reck, in discussing the use of apps for identity verification, has been noticeably absent from recent email discussions. Despite this, his advocacy for mobile-based MFA and passwordless authentication continues to resonate in the cybersecurity community.
In conclusion, the move towards passwordless authentication, particularly through mobile-based MFA, is gaining traction in the cybersecurity industry. While challenges remain, the potential benefits in terms of security, user experience, and engagement make it a compelling direction for the future.