Microsoft to prevent phishing attacks through video-based user verification

The company is getting aggressive towards preventing hackers from stealing credentials and gaining access to networks.

To address the threat of attackers compromising user authentication methods like password spraying, phishing, and token theft or replay, Microsoft has introduced video-based user verification as an enhanced security measure. The company also said that it will roll out an update for automatically rotating token signing keys with no human interaction to prevent mishandling.

Microsoft also said that it will roll out an update for automatically rotating token signing keys with no human interaction to prevent mishandling. Token signing keys are used to authenticate tokens that carry information about a user’s device, the access permissions they have, session data, etc.

It has also enabled Microsoft Purview features to prevent attackers from extracting sensitive information such as passwords or tokens that can be reused in future attacks. Microsoft said it has further added proprietary data in security tokens to prevent attackers from forging such tokens.

To reduce the potential attack surface, Microsoft said it took down over 7,30,000 unused apps and eliminated 5.75 million inactive tenants. Tenants is a term used to describe the suite of services assigned to a Microsoft