Microsoft Ditches SMS-Based 2FA Because It's Too Easy to Hack


Microsoft is phasing out SMS-based two-factor authentication (2FA) and SMS one-time passwords (OTPs) for personal Microsoft accounts. Calling SMS-based logins "a leading source of fraud," the company now encourages users to use passkeys, the Microsoft Authenticator app, or a verified email to access their accounts on Windows, Microsoft Office, Xbox, and OneDrive.

For years, Microsoft's security leadership has warned that SMS and voice-based 2FA are among the weakest authentication methods. Criminals can abuse SIM-swap scams, intercept messages on a phone's network, or use social engineering to trick users into entering one-time codes on phishing sites. SMS messages also lack network encryption and can experience reliability issues.

On the other hand, passkeys and app-based authentication rely on cryptographic keys and device-bound credentials, which make phishing and credential theft harder. Microsoft now promotes these methods as the default. For recovery, the company is also emphasizing verified email over text...

Copyright of this story solely belongs to extremetech.com.
