Microsoft recommends that you do not use telephony-based authentication




Telephony-based authentication is not secure and is therefore not recommended, since there are alternatives that are secure and are available to any user. That is the warning from Alex Weinert, Director of Microsoft’s Identity Security division, and it is well founded, as was already known.

To be clear, when we talk about telephony-based authentication, we are referring strictly to the additional verification step on top of the password that uses the communication channels of the telephone network, not the device itself. And when we say authentication, we mean two-factor authentication, multi-factor authentication and so on: an increasingly popular method of securing online accounts that offers proven effectiveness, but that is usually done via SMS or calls.

This type of two-factor authentication is the most widely used because it is the oldest, but that does not make it the most secure, since it depends on technology that was not designed for such purposes. “When the voice and SMS protocols were developed, they were designed without encryption. From a practical usability standpoint, we cannot overlay encryption on these protocols because users would not be able to read them (there are other reasons as well, such as message saturation, that prevented messages from taking control of the existing protocols)”, explains Weinert.

In other words, authentication through traditional telephone networks can be easily intercepted, and it presents other problems that are not normally taken into consideration but that may be even more likely to occur: what happens if you don’t have coverage, if you lose your phone or, in extreme cases, if someone manages to impersonate you (do you know how?). Hence, Weinert’s recommendation is to use app-based authentication and, if possible, authentication with security keys, which are physical devices.

However, while security keys are commonly used only by advanced users, telephony-based two-factor authentication is widespread, and switching to a mechanism performed solely by software consists of installing the relevant application and little else, so it is really within reach of any user. Unsurprisingly, Weinert recommends Microsoft Authenticator, available for Android and iOS, but there is also Google Authenticator, which is in fact much more popular.

But what happens if you lose the mobile phone on which you have installed the authentication application? As it turns out, you can also run the process on your PC or a second phone as long as you’ve configured everything accordingly, which is what you should do in all cases if your information is important to you. The how we leave for another day, but as soon as you look for it, you will find it.
