SMS authentication has been a popular method of increasing security for end-users across the globe for many years. By sending a verification code to a user's mobile phone, SMS authentication helps to prevent unauthorized access to sensitive information. However, it also has a major flaw: the messages can be intercepted. Hackers have been known to intercept SMS messages, allowing them to gain access to sensitive information such as passwords or personal data. Additionally, if a user's phone or SIM card is stolen, the thief could use SMS authentication to access sensitive accounts. That is why the National Institute of Standards and Technology (NIST) recommends not using it for sensitive applications, and Microsoft agrees with this advice.
Starting in July 2023, Microsoft will phase out SMS authentication in favor of a more secure form of multi-factor authentication (MFA), in which users sign in with their login credentials and match the numbers shown on the screen in an authentication app.
MFA is much more secure as it requires users to provide multiple pieces of evidence to verify their identity. This makes it easier for users to securely access their accounts, and harder for hackers to gain access.
Multi-factor authentication is based on three simple factors:
If you are deploying MFA, make sure it is based on matching numbers, not just pressing a button when notified. Authentication is more secure and effective when multiple factors are required. If you are still using SMS, you should seriously consider migrating to MFA.