IT Support, Security & Managed IT Services Blog - iCorps

SMS Authentication Phase Out: Why MFA is Best

Written by Jeffery Lauria | 2023/07/3

Here's What You Need to Know

SMS authentication has been a popular method of increasing security for end-users across the globe for many years. By sending a verification code to a user's mobile phone, SMS authentication helps to prevent unauthorized access to sensitive information. However, it also has a major flaw: it can be intercepted by hackers or malicious actors. Hackers have been known to intercept SMS messages, allowing them to gain access to sensitive information such as passwords or personal data. Additionally, if a user's phone or SIM card is stolen, the thief could use SMS authentication to access sensitive accounts. That is why the National Institute of Standards and Technology (NIST) recommends not using it for sensitive applications. And Microsoft agrees with this advice.

Starting in July 2023, Microsoft will phase out SMS authentication for a more secure option of Multi Factor Authentication (MFA), where users use their login credentials and match numbers on the screen with an authentication app.

Why MFA?

MFA is much more secure as it requires users to provide multiple pieces of evidence to verify their identity. This makes it easier for users to securely access their accounts, and harder for hackers to gain access.

Factors of MFA

Multi factor authentication is based on three simple factors:

  1. Something you know (password or PIN)
  2. Something you have (smartphone with authentication app)
  3. Something you are (biometric face ID or fingerprint)


How to Use MFA

  1. Download an authenticator app
  2. Enter your credentials
    • Enter your credentials on the desired application to trigger MFA.  
    • A number will show up.

  3. Open your authenticator app
    • A number will show up.

  4. Match up the number
    • Match the number on the screen with the number on the app to prove your identity.

 

If you are deploying MFA, make sure it is based on matching numbers, not just pressing a button when notified. Authentication is more secure and effective when multiple factors are required. If you are still using SMS, you should seriously consider migrating to MFA. Want to learn more? Request a consultation today