Forum Discussion
MicrosoftNew Blog | Advancing Modern Strong Authentication
In a previous blog, It's Time to Hang Up on Phone Transports for Authentication, discussed the vulnerabilities of multifactor authentication (MFA) mechanisms such as SMS and voice. A recent MFA research study from Microsoft concludes that SMS is 40% less effective in stopping bad actors compared to the Microsoft Authenticator app.
We've also continued to bolster our Authenticator offering by upleveling security. But, despite the clear advantages to moving away from phone-based authentication, we still see around 44% of MFA traffic through SMS and voice phone calls. Bad actors continue to exploit MFA based on phone methods. Together, we can use stronger authentication methods to protect our users.
Read the full blog: Advancing Modern Strong Authentication - Microsoft Community Hub
2 Replies
Hello, it's a great news!
When will FIDO2 security key authentication be natively supported in Microsoft mobile applications both on iOS and Android?
While it's nice Safari on macOS now supports FIDO2, I've noticed this isn't the case for WKWebView.
This is the builtin webview/web browser on macOS & iOS thats reused by Teams, Word, Outlook and the like for the popup authentication dialog.
So while Safari now works, MS native applications still have broken FIDO2 support. 😞
Any news on that?
