Microsoft urges companies to abandon voice and text multi-factor authentication codes

A Microsoft executive is urging companies to abandon the most popular multi-factor authentication (MFA) method, one-time passcodes sent to mobile devices by text or voice, in favor of different approaches, including authenticator apps, which he says are more secure.
"It's time to start moving away from voice and SMS multi-factor authentication (MFA) mechanisms," Alex Weinert, director of identity security, said in a November 10 Microsoft blog post. "These mechanisms are based on public switched telephone networks (PSTN), and I believe they are the least secure of the MFA methods currently available."

Weinert argued that other MFA methods are more secure, citing Microsoft Authenticator, his company's app-based authenticator, and Windows Hello, the umbrella name for Microsoft's biometric technology, including facial recognition and fingerprint verification.

It's no coincidence that Weinert praised the technologies that Microsoft has vigorously pushed in its campaign to convince companies to go password-free. More than a year ago, Weinert explained how, in his opinion, passwords alone are not a defense against credential theft, but by enabling multi-factor authentication, "your account is 99.9% less likely to be compromised."

That advice hasn't changed, but Microsoft's guidance on MFA has now become more specific. "MFA is essential: we are discussing which MFA method to use, not whether to use MFA," he wrote last week.

Weinert flagged a list of security weaknesses in voice- and SMS-based MFA, the technique that typically sends a six-digit code to a predetermined, verified phone number. These flaws, Weinert said, ranged from a lack of encryption (texts are sent unencrypted) to vulnerability to social engineering.

App-based authentication, Weinert argued, is a much more secure way to achieve MFA's purposes. He went on to promote Microsoft Authenticator, which comes in versions for Google's Android and Apple's iOS. Authenticator uses encrypted communication and supports facial recognition and fingerprints, allowing users to authenticate with those technologies even when, for example, company-supplied laptops do not. Authenticator also supports one-time passcodes, duplicating the SMS-based MFA mechanism, albeit in end-to-end encrypted form.

To some extent, Microsoft has put its own policies behind this advice. Starting last year, new Office 365 and Microsoft 365 customers come with a set of default option settings called Default Security Settings, which require each user to authenticate via MFA. The Microsoft Authenticator app is the default MFA method.
Copyright © 2020 IDG Communications, Inc.