Keep up to date with the experts

Get insights direct to your email inbox

Subscription Form exit intent popup

Follow us on social

“We needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.”

IT Operations Manager

Simon Darley

Trusted by industry leaders

Request a Quote.

First we need a few details.

Contact Form Primary popup

By continuing, you agree to our Terms & Privacy Policy

Choosing a Secure MFA Solution

,
In a nutshell:
What to understand more about the importance of MFA?
Enabling MFA to your device results in your account being 99.9% less likely to be breached.

At Stripe OLT, we’ve seen a massive increase in organisations that are starting to implement basic best practise policies and procedures. For many, setting up easy and immediate solutions, like password managers and switching on Multi-Factor Authentication, has been the first place to start.

Multi-Factor Authentication (MFA) is an effective and well-known security best practice which both businesses and individuals should already be utilising. This essentially refers to a method of security in which a device requires more than one form of verification before granting access – rather than relying on an easily compromised static password. In fact, based on Microsoft research, enabling MFA to your device results in your account being 99.9% less likely to be breached.

However, for those that have recently taken the first step and switched on MFA, it’s worth noting the recent warning from Alex Weinert, Microsoft’s Director of Identity Security. His recent announcement has urged users to avoid phone-based MFA solutions, stating that “SMS and call-based MFA are the least secure of the MFA methods available today”, for a variety of reasons:

Examples of telephone-based MFA solutions can include one-time passcodes (OTP) sent by SMS or received via voice calls, and whilst this added layer of security is preferable over nothing – it is the insecure and unprotected telephone networks that are the problem, not the MFA solution.

The Problem

No Encryption

Due to practicality, SMS and voice protocols cannot be encrypted, essentially because it would prevent users from being able to read them – Therefore, hackers are easily able to intercept these messages. They use techniques, like installing a software defined radio, or utilising an SS7 intercept service, to spy on phone traffic and intercept messages.

Social Engineering

Hackers often target employees at phone networks, manipulating them into call forwarding or SIM swapping – essentially resulting in the hacker receiving the OTP or calls on behalf of the user.

Performance Issues

Downtime is not unusual for phone networks, due to the changing regulations and general unreliability – this therefore effects the overall performance of MFA solutions as users may not be able to access the messages when needed.

Essentially, SMS and voice-based MFA solutions appear dated and unreliable when compared to the rising sophistication of cyber crime in today’s digital landscape. The widespread adoption of MFA mechanisms has prompted attackers to evolve and thus attempts to breach MFA authentications are becoming more common – with phone-based solutions having the highest likelihood for success.

However, it’s not all doom and gloom…

The Solution

A good starting point, for a reliable MFA solution, is Microsoft’s Authenticator MFA app – it’s free to download on your mobile device and provides a dependable level of security on top of your password.

In addition, the Authenticator uses encrypted communication alongside other security measures, such as hidden notifications, an app lock, and sign-in history. Some highlights from Microsoft’s Authenticator include:

Password-less Sign In

Using the Authenticator app, users can sign-in to their personal accounts using biometrics such as facial recognition or a fingerprint instead of a static password.

Two-Step Verification

You can set your device to still require a password in addition to your fingerprint, PIN or facial recognition in order to add further security.

Time-Based, One-Time Passwords

The Authenticator app still supports time-based, one-time passwords, allowing you to add and safeguard additional accounts to the app.

Ultimately, a phone-based MFA is better than no MFA at all – whichever method you opt to have it is essential to use at least use one MFA solution – after all, accounts using this have a compromise rate of less than 0.1% across the population.

However, in utilising an app-based authenticator, rather than a phone-based solution, you benefit from additional layers of security, whilst alleviating the risks associated with phone-networks and providers.

For more information into how you can protect your workforce and remote data, why not get in touch with one of our experts here.

Our latest insights

  • Cyber security threats

    Top 5 Most Dangerous Cyber Security Threats, SANS Reveals

    May 22, 2023
    Read full article
  • digital UK security

    Key findings: UK Cyber Security breaches Survey 2023

    May 9, 2023
    Read full article
  • What is Microsoft Security Copilot?

    April 21, 2023
    Read full article
  • The Dangers of Chatbots

    April 19, 2023
    Read full article
  • cyber essentials

    Cyber Essentials 2023 update

    April 21, 2023
    Read full article
  • Microsoft announces Co-pilot: The productivity game changer

    March 28, 2023
    Read full article
  • ibm x-force threat intelligence index Breakdown

    March 3, 2023
    Read full article
  • Microsoft Partner Pledge

    March 2, 2023
    Read full article
  • Microsoft price increase image of keyboard

    Microsoft April 2023 Price Increase

    February 15, 2023
    Read full article
  • Chat GPT

    Chat GPT - What's the hype?

    February 3, 2023
    Read full article
  • 12 Tips for a Cyber Safe Christmas

    February 28, 2023
    Read full article
  • The importance of back up and DR

    January 22, 2023
    Read full article