Microsoft on Tuesday advised internet users to embrace multi-factor authentication (MFA)… except where public switched telephone networks are involved.
Multi-factor authentication, for those who haven’t been paying attention, involves adding one or more additional access requirements to password-based authentication. So an online bank, for example, might send a text message to the mobile phone number associated with a given account to make it more likely that the person entering the account password is authorized to access the account.
The technique isn’t foolproof, though it offers additional defense against attackers who gain access to, or guess through various techniques, the password for a victim’s online account. MFA can also be used in conjunction with a password manager: think of multi-factor authentication as an additional layer of protection.
Microsoft says people should definitely use MFA. The company claims that accounts using any type of MFA get compromised at a rate that’s less than 0.1 per cent of the general population. So users should stop relying on SMS or voice calls for OTP, which are the least secure and can be broken easily.
One such hacking technique is SIM swapping, where a miscreant calls a mobile carrier posing as a customer to request the customer’s number be ported to a different SIM card in the attacker’s possession. Backdoor malware can also easily be used to harvest two-factor authentication codes.
The Authenticator uses encrypted communication, allowing bi-directional communication on authentication status, and we’re currently working on adding even more context and control to the app to help users keep themselves safe.
Popular mobile authenticator apps that are alternatives to Microsoft’s are Twilio’s Authy, Cisco’s Duo Mobile, Google Authenticator, and password managers like 1Password and LastPass. Any of these would be an improvement over SMS and voice.