Texting Is Cool But Not For MFA


The question is not whether you should have multifactor authentication (MFA); instead, what type? MFA is utterly essential when it comes to your business and personal data security. In the world of multifactor authentication, not all avenues are created equal. Although having something is better than nothing, in this case, that is not the attitude that you should have concerning your security. In 2016, NIST (National Institute of Standards and Technology) proposed restricting the use of SMS or voice for MFA, and although they softened their approach, they still do not recommend this method of MFA. Microsoft recently began campaigning against using SMS or voice for MFA. Today we are going to look at why the big push and what avenue is best for MFA.


When we look at security, typically, we are looking for the most secure tools and practices. This is why it is mind-boggling that many still use SMS for MFA. In the words of Microsoft’s director of security, Alex Weinert, “They’re (SMS and voice) the least secure of the MFA methods available today.” You would not buy the least safe car for your family to ride in, so you shouldn’t use the least secure method of MFA to protect your data. Hackers can easily intercept SMS and voice-based one-time passwords. Once intercepted, these savvy criminals can penetrate the network or take over the account. This interception can easily happen today but will become even more straightforward as signals can be intercepted by anyone within the radio range of a device or who can get access to the switching network.


When shopping for MFA, what is recommended as the best to provide your business with the most secure advantage? For the most secure method of MFA, app-based authentication is the reigning winner. Microsoft Authenticator has been noted as the champion as it uses encrypted communication and allows for bidirectional communication. Also, Microsoft recently added app-lock, enabling you to hide notifications from the lock screen and sign-in history. This Microsoft app-based authentication has what you need to keep your business secure.


If you are ready to take security seriously, then it is time to contact your Pendello Solutions team. Our team of business technology associates knows the best of the best for protection and specifically MFA. Our team can help you assess your risk and help you decide what method will help you keep your business and your data secure.