HomeWinBuzzer NewsMicrosoft Wants Users to Ditch Smartphone-Based Multi-Factor Authentication

Microsoft Wants Users to Ditch Smartphone-Based Multi-Factor Authentication

Microsoft says there are too many risks associated with mobile multi-factor authentication solutions and users should use an online tool instead.


Microsoft has often discussed the merits of multi-factor authentication (MFA) for adding security to digital accounts. However, the company is now pushing users to stop using MFA solutions that are available on smartphones.

Alex Weinert, Director of Identity Security for Microsoft, is pushing Microsoft’s call. He and the company want users to embrace multi-factor authentication, but not through mobile phones. Phone solutions include SMS, one-off codes, and calls.

Microsoft wants users to switch to better solutions like security keys, app-based authentication, and others. These are new MFA tools that provide more security.

Weinert points to Microsoft data that shows those who use multi-factor authentication were able to block 99.9% of all automated attacks. These statistics reflect solely on Microsoft Accounts. While any MFA tool is good, he suggests phone-based solutions are easier to bypass.

According to Weinert, the problem is security issues with phone networks, not so much the MFA tools themselves.

Inherent Dangers

For example, SMS and voice call MFA solutions rely on mobile networks that transmit in cleartext. Intercepting these transmissions is relatively easy through familiar tools used by hackers. Weinert also points out SMS solutions are open to phishing campaigns.

“Today, I want to do what I can to convince you that it’s time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms. These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today. That gap will only widen as MFA adoption increases attackers’ interest in breaking these methods and purpose-built authenticators extend their security and usability advantages.”

Naturally, Weinert suggests users use a Microsoft solution to handle their MFA. Specifically, the company’s Authenticator tool alongside hardware security keys.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News