Microsoft warns that the SMS and Voice format of Multi-factor authentication is unsafe and un-encrypted, so it should be abandoned, and app-based authentication protocol must be used

Multi-factor authentication is one of the most important data security protocols for every person who uses the internet. SMS and voice format of multi-factor authentication systems have always been in use, but recently, the Director of Identity Security at Microsoft, Alex Weinert has claimed that these formats should be abandoned now.

Alex Weinert has explained that both SMS and voice formats of multi-factor authentication protocol are based on the PSTN system or the Publicly Switched Telephone Networks. Now, these PSTN systems are very easily manipulated through social engineering, and they rely on the performance of the mobile operator. When the SMS and voice protocols were developed, they were not encrypted. And now, because of various reasons, no one can overlay encryption onto these protocols. Even if someone tries to make these protocols encrypted, the users will not be able to read them. The messages will bloat, and many other protocols will be hampered because of this.

Now all of this means that when a user tries to use these PSTN-based multi-factor authentication protocols, their signals can be intercepted by cybercriminals and hackers, and they can easily get access to the switching network if they are within the radio range of a mobile phone or another device.

So, this establishes the fact that these PSTN-based protocols are not reliable at all, and that is why SMS and voice protocols should be abandoned now as they can expose the users’ data to anyone out there.

According to Alex Weinert, the main advantage of such multi-factor authentication protocols is that they can be adapted according to the expectations and experience of the users. As technology advances, these protocols must see advancement too so that users’ data across the internet remains protected at all times. The problem with these SMS and voice protocols is that they cannot be adapted, and this makes their usability very restricted and questionable too.

So, Weinert believes that instead of these antiquated protocols, users should start using App-based authentication protocols. Weinert also points out that the Microsoft Authenticator app is one of the best apps for authentication out there currently, and users must have it if they have a Microsoft account.

Alex Weinert explained that Microsoft’s Authenticator app uses encrypted communication which allows bi-directional communication on authentication status. Microsoft is working on making the app more secure and add more controls for the users to help them feel protected. So far, the app has an app lock, a hiding system for notifications from the lock screen, a history of sign-in in the app, and a lot more. These are all some basic protocols that the app provides, and soon it will see a lot of advancement for authentication purposes.



No comments:

Post a Comment