fbpx

Due to continued growth and investment, we are hiring for a range of positions: APPLY NOW

Microsoft Issues Warning About 2 Factor Authentication

About Microsoft Issues Warning About 2 Factor Authentication

Patrick Cassidy
Nov 16

Microsoft Issues Warning About 2 Factor Authentication

Microsoft is urging users to stop using phone-based 2 factor authentication (2FA) solutions like one-time codes sent via SMS and voice calls. These methods should be replaced with newer 2FA technologies, like app-based authenticators.

The warning comes from Alex Weinert, Director of Identity Security at Microsoft. According to internal Microsoft statistics, Weinert said in a blog post last year that users who enabled 2FA ended up blocking around 99.9% of automated attacks against their Microsoft accounts. In his recent blog post on 10th Nov 2020, Weinert states that if users must choose between multiple 2FA solutions, they should avoid phone-based 2FA.

Voice Calls & SMS Messages Are No Longer Secure

No Encryption

SMS and voice calls are transmitted in cleartext which can be easily hijacked by determined attackers, using techniques and tools like software-defined-radios, FEMTO cells, or SS7 intercept services.

SIM Swapping

In attacks known as SIM swapping, phone network employees are targeted by hackers and tricked into transferring phone numbers to a hackers SIM card, allowing attackers to receive these 2FA one-time codes instead.

Phone Networks

Phone networks are exposed to changing regulations, downtimes, and performance issues, which impact the availability of the 2FA mechanism overall. This can prevent users from authenticating their accounts in times of urgency.

Microsoft Recommends the Authenticator App

Weinert says that users should enable a stronger 2FA mechanism for their accounts, recommending Microsoft’s Authenticator app as a good starting point.

SMS and voice calls are the least secure 2FA method today. The Microsoft exec believes that this gap between SMS & voice-based 2FA “will only widen” in the future.

However, this doesn’t mean that users should disable SMS or voice-based 2FA for their accounts. SMS 2FA is still better than no 2FA at all.

C3 Can Help

A review of your network and applications means we can advise on where we can configure 2FA for your business. We will work with you to establish what needs protected and assist in implementation and training on how to use it.

To protect your business, your customers and your reputation, get in touch below.

ionic-it.com/contact-us/

hello@ionic-it.com

028 7964 5865

More Information

Read Alex Weinert’s full blog post here >> techcommunity.microsoft.com/2FA

‘How to’ video on setting up the Microsoft Authenticator app >> microsoft.com/2factor-authentication

Don’t just take our word for it…

"As an SME with no specialised, in-house IT support, we were keen to work with a company that matched our values and standards."

Read full story

Michael O’Neill
Managing Director
Screen Clinical

"McCauley’s have used the services of Ionic IT (Formerly C3 Computers) for a number of years now, and the support has been second to none."

Read full story

Caitriona Gribben
Director
McCauley Trailers

"Ionic have looked after our IT Systems since 2012. I can recommend Ionic wholeheartedly as an excellent IT partner for any business."

Read full story

Paul Carolan
General Manager
Kiverco Recycling

"The Glenavon has been in partnership with Ionic for over seven years, and during this time, we have built a strong relationship with the Ionic team and, as a result, a stronger business."

Read full story

Brian Morris
Director
Glenavon House Hotel

"They effectively take the role of 3Y Group’s IT Department and professionally manage all our hardware, software and support issues."

Read full story

Murty Young
Director
3Y Group

"We have had a service contract for 10+ years with Patrick and the team. That says it all! They are an invaluable extension to our business. "

Read full story

Jayne Scullion
Manager
Copper Industries

"Ionic has made my role easier by giving me piece of mind that our IT systems and network are performing optimally"

Read full story

Gerald Kerlin
Operations Director
IMAC Group