Embracing Enhanced Security
Multi-factor Authentication, often referred to as MFA, has become a vital component in safeguarding our online accounts and personal data. To put it simply, MFA is like having more than one lock on your front door. If somebody steals the key to the lock, the intruder would still need to bypass an extra layer of security (for example, a fingerprint or special code that only you know!) in order to get in. As such, MFA significantly enhances the security of online accounts.
For the longest time, Microsoft has offered SMS and voice call MFA as a simple way to verify one’s identity. While SMS and voice calls have been a convenient option, it has become clearer with time that they are not entirely foolproof. Malicious actors eventually find ways to exploit these authentication methods, making them less secure. In response to growing threats, Microsoft has decided to pivot its users towards installing its proprietary MFA Authenticator App.
Why is the App better than using SMS or Voice Calls?
Using an Authenticator App has become the standard for many organizations. This is because it’s easy to download and use, and harder for cybercriminals to crack. As you try logging into an account with your username and password, you’ll be asked to navigate to the app, which generates a code for you. These codes typically expire in under 30 seconds, and the app generates a new one once the timer is up. It’s difficult to intercept these codes unless a malicious actor has full access to your phone, making the application a much more secure way to authenticate your identity.
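How expiring codes like these can be generated and checked, as an added example that is not part of the original article and is not Microsoft's code. It assumes the codes are standard time-based one-time passwords (TOTP, RFC 6238); the key is the RFC's published test key and the function names are illustrative.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds one code stays valid (the 30-second timer described above)
SECRET = b"12345678901234567890"  # RFC 6238 test key, not a real account secret


def totp(secret: bytes, at: int, digits: int = 6, step: int = STEP) -> str:
    """Code the app would show at Unix time `at` (HMAC-SHA1 variant)."""
    counter = at // step                      # index of the current time window
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                   # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: int, last_used: int = -1,
           drift: int = 1, digits: int = 6, step: int = STEP):
    """Server-side check. Returns the matched window index, or None.

    Accepts +/- `drift` windows of clock skew and rejects any window at or
    before `last_used`, so a code that was already accepted cannot be replayed.
    """
    if len(submitted) != digits or not submitted.isascii():
        return None
    for delta in range(-drift, drift + 1):
        counter = now // step + delta
        if counter <= last_used:
            continue                          # window already consumed
        expected = totp(secret, counter * step, digits, step)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return counter
    return None


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("accepted in window:", verify(SECRET, code, now=59))
    print("replayed:", verify(SECRET, code, now=59, last_used=1))
    print("two minutes later:", verify(SECRET, code, now=179))
```

The server stores the returned window index as `last_used` for the account, which is what makes each code single-use as well as short-lived.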
That being said, there are many methods commonly used to bypass SMS and voice call MFA. Some of them are listed below:
SIM Card Swapping: Malicious actors impersonate you, the individual, and convince your mobile carrier to transfer your phone number to a new SIM card.
Phishing: Someone directs you to a fake website or places a fraudulent call claiming to be from a legitimate organization, then tricks you into revealing SMS or voice call MFA codes.
Malware and Spyware: Viruses that have infected your device can capture incoming SMS messages and relay them to a third party that you may be unaware of.
How will this affect my organization?
If you rely on SMS or voice calls to log into Microsoft services, you will be prompted to transition to the Microsoft Authenticator App instead. The app can be downloaded from the Apple App Store or Google Play Store. If you believe this might be an issue for your organization, drop us a line and we’ll help you out.