Thursday , December 9 2021

Microsoft recommends that companies opt out of text-to-speech authentication passwords


Credit: Dreamstime

A Microsoft executive is urging companies to discontinue the most popular method of multi-factor authentication (MFA) – temporary passwords sent to mobile devices via text or voice – for different approaches, including application authenticators, saying they have more security.

“It’s time to start moving away from SMS and voice multi-factor authentication (MFA) mechanisms,” identity security director Alex Weinert confirmed in a November 10 post on a Microsoft blog. “These mechanisms are based on publicly modified telephone networks (PSTNs), and I believe they are the most secure of the MFA methods available today.”

Weinert argued that other MFA methods are more secure, including Microsoft Authenticator, an authenticator based on his company’s applications, and Windows Hello, including Microsoft’s biometric technology umbrella label, face recognition, and fingerprint verification.

It’s no coincidence that Weinert has aggressively pushed the technologies that Microsoft has promoted in his campaign to convince companies to go without a password.

More than a year ago, Weinert determined how, in his view, passwords are not only against the theft of credential defenses, but enabled by the MFA, “your account is less than 99.9 percent risky.”

Source link