Weinert says that both SMS and voice calls are transmitted in cleartext and can be easily intercepted by determined attackers, using techniques and tools like software-defined-radios, FEMTO cells, or SS7 intercept services. The Microsoft exec cites several known security issues, not with MFA, but with the state of the telephone networks today. For the past year, Weinert has been advocating on Microsoft's behalf, urging users to embrace and enable MFA for their online accounts.Ĭiting internal Microsoft statistics, Weinert said in a blog post last year that users who enabled multi-factor authentication (MFA) ended up blocking around 99.9% of automated attacks against their Microsoft accounts.īut in a follow-up blog post today, Weinert says that if users have to choose between multiple MFA solutions, they should stay away from telephone-based MFA. The warning comes from Alex Weinert, Director of Identity Security at Microsoft. While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.
