Error in Azure Gives Control Over Someone Else's Account

Microsoft: Choose Something Better Than Two-Step Verification Via Sms

Microsoft is calling for not using multi-step verification via SMS wherever possible. The system is still more secure than just a password.

 

Alex Weinert, who heads Microsoft’s Identity Security, in a blog post on the company site, urges users not to use two-step verification via SMS where possible. These messages can be intercepted.

Weinert has long advocated multi-step verification, in which you need a hardware key, an app or SMS to log in in addition to a password.

According to him, the system stops more than 99% of phishing and hacking attempts on Microsoft accounts. But not every form of two-step verification is equally secure, he writes.

With two-step verification, where you receive the extra key via a text message or a voice message, there is still a small chance that the message will be intercepted, because those messages are sent via public telephone networks.

The keys are sent in plain text, as it is challenging to encrypt SMS messages. The time limit on keys sent via such a message is also longer, which means there is more time to hijack a login procedure.

Leave a Reply

CDU Board Meets About Power Struggle Around Succession Merkel Previous post Germany Sees Signs of Progress in the Fight Against Coronavirus
EU Opens New Arsenal of Sanctions Against Belarus Next post European Union Heading for Crisis in Rule of Law Clash With Hungary