"Microsoft Advises Users to Stop Using SMS- And Voice-Based MFA"
Multi-factor authentication (MFA) is better than relying just on a password for security. The rate of compromise of accounts using any type of MFA was less than 0.1% last year. Researchers at Microsoft are advising people to avoid using authentication factors being delivered via SMS and voice calls and state that there are safer and more reliable ways to get additional authentication factors. The researchers stated that SMSes and phone calls were designed without encryption and can be intercepted by adversaries. The researchers also stated that support agents at companies operating publicly switched telephone networks can be tricked, bribed, or coerced by attackers to provide access to the victims’ SMS or voice channel.
Help Net Security reports: "Microsoft Advises Users to Stop Using SMS- And Voice-Based MFA"