fbpx

Due to continued growth and investment, we are hiring for a range of positions: APPLY NOW

Microsoft Issues Warning About 2 Factor Authentication

About

Patrick Cassidy
Nov 16

Microsoft Issues Warning About 2 Factor Authentication

Microsoft is urging users to stop using phone-based 2 factor authentication (2FA) solutions like one-time codes sent via SMS and voice calls. These methods should be replaced with newer 2FA technologies, like app-based authenticators.

The warning comes from Alex Weinert, Director of Identity Security at Microsoft. According to internal Microsoft statistics, Weinert said in a blog post last year that users who enabled 2FA ended up blocking around 99.9% of automated attacks against their Microsoft accounts. In his recent blog post on 10th Nov 2020, Weinert states that if users must choose between multiple 2FA solutions, they should avoid phone-based 2FA.

Voice Calls & SMS Messages Are No Longer Secure

No Encryption

SMS and voice calls are transmitted in cleartext which can be easily hijacked by determined attackers, using techniques and tools like software-defined-radios, FEMTO cells, or SS7 intercept services.

SIM Swapping

In attacks known as SIM swapping, phone network employees are targeted by hackers and tricked into transferring phone numbers to a hackers SIM card, allowing attackers to receive these 2FA one-time codes instead.

Phone Networks

Phone networks are exposed to changing regulations, downtimes, and performance issues, which impact the availability of the 2FA mechanism overall. This can prevent users from authenticating their accounts in times of urgency.

Microsoft Recommends the Authenticator App

Weinert says that users should enable a stronger 2FA mechanism for their accounts, recommending Microsoft’s Authenticator app as a good starting point.

SMS and voice calls are the least secure 2FA method today. The Microsoft exec believes that this gap between SMS & voice-based 2FA “will only widen” in the future.

However, this doesn’t mean that users should disable SMS or voice-based 2FA for their accounts. SMS 2FA is still better than no 2FA at all.

C3 Can Help

A review of your network and applications means we can advise on where we can configure 2FA for your business. We will work with you to establish what needs protected and assist in implementation and training on how to use it.

To protect your business, your customers and your reputation, get in touch below.

ionic-it.com/contact-us/

hello@ionic-it.com

028 7964 5865

More Information

Read Alex Weinert’s full blog post here >> techcommunity.microsoft.com/2FA

‘How to’ video on setting up the Microsoft Authenticator app >> microsoft.com/2factor-authentication

Don’t just take our word for it…

"Ionic has been key in boosting our IT resilience and business continuity. As our go-to IT partner, we really appreciate how the team at Ionic takes the time to get to know our business and listens to us. They make improvements that turn our IT into a real value driver and get it ready for future growth'”

Read full story

Gary McLorn
Head of Marketing and Pre-Sales TES Group

I would recommend Ionic to any business considering their services. The first reason, you know that everything is being covered, you know IT is one thing less you have to worry about, so it means we can get on with core business activities. The second, we know we are getting good expertise and value for money.

Read full story

Tony Convery
Sustainability & Business Improvement Director Clarke

"As an SME with no specialised, in-house IT support, we were keen to work with a company that matched our values and standards."

Read full story

Michael O’Neill
Managing Director Screen Clinical

"McCauley’s have used the services of Ionic IT for a number of years now, and the support has been second to none."

Read full story

Caitriona Gribben
Director McCauley Trailers

"The Glenavon has been in partnership with Ionic for over seven years, and during this time, we have built a strong relationship with the Ionic team and, as a result, a stronger business."

Read full story

Brian Morris
Director Glenavon House Hotel

"They effectively take the role of 3Y Group’s IT Department and professionally manage all our hardware, software and support issues."

Read full story

Murty Young
Director 3Y Group

"Ionic has made my role easier by giving me piece of mind that our IT systems and network are performing optimally"

Read full story

Gerald Kerlin
Operations Director IMAC Group

Read full story