Turn OFF MFA! - Strengthening Your Online Security
Microsoft's New Measures to Combat Cyber Threats - Turn off SMS MFA?
In the ever-evolving world of cybersecurity, staying one step ahead of malicious actors is crucial. A recent research study from Microsoft has revealed a significant finding: SMS-based Multi-Factor Authentication (MFA) is 40% less effective in thwarting cyber threats compared to the Microsoft Authenticator app. This discovery underlines the urgency of adopting more robust security measures to protect your online identity and data.
Why SMS-Based MFA Falls Short
Microsoft's study sheds light on a disconcerting statistic: despite the proven advantages of switching to the Microsoft Authenticator app, approximately 44% of MFA traffic still relies on SMS and voice phone calls. Unfortunately, this outdated method is all too easy for cybercriminals to exploit. It's time for us to come together and adopt stronger authentication methods to safeguard our digital lives.
It's time to start the process of removing SMS-based MFA for mature organisations.
Introducing New Initiatives
To address this critical issue, Microsoft is taking proactive steps to bolster online security for its users. The company is rolling out two major initiatives that promise to enhance your online protection.
1. Modern Strong Authentication Registration Campaign
In November 2021, Microsoft introduced registration campaigns, a feature designed to encourage the adoption of modern authentication methods, starting with the Microsoft Authenticator app. Since its launch, thousands of enterprises have utilized this feature to help over 1.3 million users configure and implement Microsoft Authenticator as their primary authentication method. Responding to customer feedback, Microsoft is introducing new features to provide users with greater control over their registration for modern strong authentication.
One significant enhancement is the introduction of a maximum prompt skip limit. With this update, users will be allowed to postpone their registration up to three times. This extra flexibility gives them adequate time to adapt to the change while also increasing the effectiveness of your campaigns.
Furthermore, for organizations under Microsoft management, the registration feature will be automatically enabled for users who rely solely on SMS or voice for MFA. This change will be rolled out in phases starting this month (July 2023). Keep an eye on the Message Center in the Microsoft 365 admin center for specific notifications about when this change will impact your organization.
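To see who in a tenant would fall into that "SMS or voice only" group, an exported list of each user's registered authentication methods can be triaged offline. The sketch below is an added example, not Microsoft's code: the method names are assumptions modelled on the methodsRegistered field of the Microsoft Graph userRegistrationDetails report, and the sample rows are constructed.

```python
import json

# Assumed method names (modelled on Graph userRegistrationDetails.methodsRegistered);
# adjust them to match the values in your own export.
TELEPHONY = {"mobilePhone", "alternateMobilePhone", "officePhone"}
PHISHING_RESISTANT = {"fido2SecurityKey", "windowsHelloForBusiness"}
NOT_MFA = {"email", "securityQuestion"}  # password-reset methods, not sign-in MFA

# Constructed sample rows, not real tenant data.
SAMPLE_REPORT = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "methodsRegistered": ["mobilePhone"]},
 {"userPrincipalName": "bob@contoso.example",
  "methodsRegistered": ["mobilePhone", "microsoftAuthenticatorPush"]},
 {"userPrincipalName": "carol@contoso.example",
  "methodsRegistered": ["fido2SecurityKey", "mobilePhone"]},
 {"userPrincipalName": "dave@contoso.example", "methodsRegistered": ["email"]},
 {"userPrincipalName": "erin@contoso.example", "methodsRegistered": ["officePhone", "email"]},
 {"userPrincipalName": "frank@contoso.example", "methodsRegistered": []}
]""")

def classify(methods):
    """Label a user by the strongest kind of MFA method they have registered."""
    mfa = set(methods) - NOT_MFA
    if not mfa:
        return "no_mfa"
    if mfa <= TELEPHONY:
        return "sms_voice_only"       # the group a registration campaign targets
    if mfa & PHISHING_RESISTANT:
        return "phishing_resistant"
    return "app_or_token"

def triage(report):
    """Group user principal names by classification label."""
    buckets = {}
    for row in report:
        label = classify(row.get("methodsRegistered") or [])
        buckets.setdefault(label, []).append(row["userPrincipalName"])
    return buckets

def telephony_fallback(report):
    """Users with a stronger method who still have SMS/voice registered."""
    return [r["userPrincipalName"] for r in report
            if classify(r["methodsRegistered"]) in ("app_or_token", "phishing_resistant")
            and set(r["methodsRegistered"]) & TELEPHONY]

if __name__ == "__main__":
    for label, users in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{label:20} {len(users):2}  {', '.join(users)}")
    print("still have SMS/voice fallback:", ", ".join(telephony_fallback(SAMPLE_REPORT)))
```

The second list matters when removing SMS-based MFA: a user who has registered Authenticator or a security key can still sign in with the weaker method until the phone number is removed or the method is disabled by policy.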
2. FIDO2 Support on iOS and macOS Browsers
Excitingly, Microsoft is expanding support for FIDO2 security keys. Now, you can use FIDO2 security keys to sign in to Microsoft Entra ID federated applications on iOS and macOS web browsers. These security keys provide a high level of protection against phishing attempts, incorporating a biometric factor (such as a fingerprint) or a PIN.
This enhancement is particularly beneficial for highly regulated organizations, including US Government agencies, which must comply with strict cybersecurity requirements. Such requirements, like Executive Order 14028, necessitate phishing-resistant authentication methods. The FIDO2 security keys fit the bill perfectly.
You can follow the instructions here to enable passwordless sign-in with FIDO2 security keys.
Embrace a Better Way of MFA
By implementing these changes, Microsoft aims to lead millions of users toward a more secure approach to Multi-Factor Authentication. In a world where cyber threats are constantly evolving, these innovations mark a significant step toward better online security.
How to run a registration campaign to set up Microsoft Authenticator | Microsoft Learn
In an era where online security is paramount, these updates from Microsoft are a breath of fresh air, offering stronger protection and peace of mind.