Microsoft
Microsoft
I love the prospect of Microsoft and Samsung partnering to provide the best of all worlds. However, I have a grave security concern about using the Your Phone app as presented at Galaxy Unpacked.
If sms text messages can be received on your PC, and someone gets physical access to your PC but doesn't have physical access to your phone, it seems like they could hack MFA accounts that rely on sms text messages for identity verification, because the identity verification code would appear on the PC to which they have gained access.
It seems like this might be mitigated by limiting your MFA accounts to those that use Microsoft Authenticator. However, even with that, when Android Screen Mirroring becomes available between Windows 10 PC Your Phone app and Samsung phones, that might cause problems if the Authenticator app can display it's OTP codes on the Windows 10 PC that has been compromised. Even if this could be overcome, many financial institutions and other sensitive account vendors don't integrate with Authenticator.
It's similar to the security risk of using email to receive MFA identity verification codes. If someone gains access to your PC and can open your emails, they can gain access to your MFA secured account verification codes.
