![Users to stop using phone-based multi-factor authentication, says Microsoft Users to stop using phone-based multi-factor authentication, says Microsoft](https://varindia.com/storage/news/uploads/2018/02/5faffd55d6bed.jpg)
Microsoft usges its users to avoid telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security key.
Alex Weinert, Director of Identity Security at Microsoft. For the past year, Weinert has been advocating on Microsoft's behalf, urging users to embrace and enable MFA for their online accounts.
He further says, cites several known security issues, not with MFA, but with the state of the telephone networks today.
Weinert says that both SMS and voice calls are transmitted in cleartext and can be easily intercepted by determined attackers, using techniques and tools like software-defined-radios, FEMTO cells, or SS7 intercept services.
As per ZDNet, SMS-based one-time codes are also phishable via open source and readily-available phishing tools like Modlishka, CredSniper, or Evilginx.
It further says, phone network employees can be tricked into transferring phone numbers to a threat actor's SIM card - in attacks known as SIM swapping-, allowing attackers to receive MFA one-time codes on behalf of their victims.a
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.