Forum Discussion

BrittanyCCP's avatar
BrittanyCCP
Icon for Microsoft rankMicrosoft
Jul 17, 2023

New Blog | Advancing Modern Strong Authentication

In a previous blog, It's Time to Hang Up on Phone Transports for Authentication, discussed the vulnerabilities of multifactor authentication (MFA) mechanisms such as SMS and voice. A recent MFA research study from Microsoft concludes that SMS is 40% less effective in stopping bad actors compared to the Microsoft Authenticator app.  

 

We've also continued to bolster our Authenticator offering by upleveling security. But, despite the clear advantages to moving away from phone-based authentication, we still see around 44% of MFA traffic through SMS and voice phone calls. Bad actors continue to exploit MFA based on phone methods. Together, we can use stronger authentication methods to protect our users.  

 

Read the full blog: Advancing Modern Strong Authentication - Microsoft Community Hub

  • Jagger69's avatar
    Jagger69
    Copper Contributor

    Hello, it's a great news!

    When will FIDO2 security key authentication be natively supported in Microsoft mobile applications both on iOS and Android?

  • AO53KWAsdf's avatar
    AO53KWAsdf
    Copper Contributor

    BrittanyCCP 

     

    While it's nice Safari on macOS now supports FIDO2, I've noticed this isn't the case for WKWebView.

    This is the builtin webview/web browser on macOS & iOS thats reused by Teams, Word, Outlook and the like for the popup authentication dialog.

    So while Safari now works, MS native applications still have broken FIDO2 support. 😞

    Any news on that?

Resources