Previous post
Posted on: 5 September 2023
Author: Karen Rogers
In the ever-evolving landscape of business IT support and specifically Cyber Security, Multi-Factor Authentication (MFA) has become a cornerstone for protecting sensitive data and digital identities. Microsoft, one of the giants in the tech industry, has been at the forefront of implementing MFA for its users. However, recent developments indicate that the days of using SMS and phone calls as MFA methods might be numbered within the Microsoft ecosystem. In this blog post, we’ll delve into the reasons behind this change, the potential risks associated with SMS and phone call MFA, and what this transition means for users.
While Microsoft hasn’t officially announced an end date for the SMS and phone call MFA methods, a notable shift has been observed in their approach. Business IT support provider and Cyber Security experts Corbel Solutions have noticed that Microsoft is disabling the option to use SMS and phone calls as MFA methods within their tenants. This forces users to manually enable these methods if they wish to use them, and it’s an indication that Microsoft might be moving towards phasing them out entirely.
The security concerns surrounding SMS and phone call-based MFA have been well-documented over the years. These methods, although more secure than single-factor authentication, fall short when compared to more advanced alternatives like approval push to applications or physical OTP tokens. Here’s why:
One of the primary weaknesses of SMS-based MFA is that the messages are not encrypted. This makes them vulnerable to interception by malicious actors. Hackers with the right tools and knowledge can intercept these messages, gaining access to the verification codes.
Attack Vectors: SMS and phone call MFA methods have been known to be susceptible to various attack methods. From SIM swapping attacks to phishing schemes, hackers have developed sophisticated ways to bypass these MFA methods. Even with a second layer of authentication, vulnerabilities remain.
Phone calls can also be vulnerable to social engineering attacks where attackers manipulate individuals into divulging sensitive information. By impersonating legitimate entities, attackers can convince users to provide verification codes, rendering MFA useless.
The signs of Microsoft gradually phasing out SMS and phone call MFA methods suggest that the company is aligning with the broader industry trend toward more secure authentication methods. While Microsoft hasn’t provided an official timeline, it’s reasonable to anticipate that they will eventually discontinue these methods entirely. This shift is likely driven by the company’s commitment to enhancing security and staying ahead of cyber threats.
As Microsoft’s MFA landscape evolves, users should consider taking the following steps:
If you’re still relying on SMS or phone call-based MFA, now might be a good time to explore more secure alternatives. Approval push notifications to applications, physical security keys, and time-based OTP tokens are among the more robust options available.
Keep an eye on Microsoft’s official communications and announcements. While the end of SMS and phone call MFA might not be immediate, staying informed will allow you to make timely adjustments to your Cyber Security practices. Ipswich based business IT support provider and Cyber Security experts Corbel Solutions will be proactively engaging with our direct customers to transition them in readiness.
If you’re currently using SMS or phone call MFA, ensure that your contact information with Microsoft is up-to-date. This will be crucial if you decide to continue using these methods or need them during the transition period.
As the digital landscape evolves, so do the methods we use to secure our online presence. The potential phasing out of SMS and phone call MFA methods within the Microsoft ecosystem is a testament to the company’s dedication to providing robust security solutions. While no official timeline has been provided, users should prepare for this change by exploring more secure authentication methods.
By staying informed and proactive, users can continue to safeguard their digital identities effectively. Contact the Corbel team to discuss any concerns you have regarding your MFA configuration and we would be happy to advise you on the options available.
Corbel Solutions provide Business IT Support to businesses across Ipswich, Felixstowe, Woodbridge, Stowmarket and the surrounding Suffolk area. Alongside Business IT Support, Corbel Solutions also offer an award winning range of services from Cyber Security, IT Consultancy Services to Office 365 Support. If you would like to find out more information or have a chat with one of our team members, feel free to book an online meeting, email us on info@corbel.co.uk or give us a call on 01473 241515.
Previous post
Next post