Forum Discussion

Paul151985's avatar
Paul151985
Copper Contributor
Aug 14, 2022
Solved

OTP

Hi   I just wanted to share this thing. I mean we all are aware that passwords are lame. It can be easily just hacked by a malicious individual. Then came the one time pin. We felt secure by this...
identity and access management
  • Harald_Wallus's avatar
    Harald_Wallus
    Aug 16, 2022

    Paul151985 

     

    I'm not the specialist for hackers. But
    Microsoft has send the code via SMS. SMS can be hacked by intersection of the communication, e.g. using "false base station" or Hacking of the ‘Personal Account’ of the subscriber on the site or application of the cellular operator and forwarding all messages to the attacker`s address.
    One of this could be happend.
     
    If you receive the Microsoft code, the attacker send a second one, asking you to verify your login. I don't know how the hacker then can lead you to a fake site (maybe proxy, what ever?). Then the attacker has your password.
    You have used the signin-page of microsoft, and you see, your account is at risk. It looks that Microsoft cloud application security has detected a second login for your account, which looks strange, because it is from another location, or it is from a non registered device.

    This shows, we all have to move to passwordless authentication, because it is phishing resistant.

     

    Harald

     

irfanaspl's avatar
irfanaspl
Copper Contributor
Oct 20, 2022

Your password may be known to someone if you have https://smsala.com/blog/sms-otp-for-your-customers/ enabled and you received a verification code. Were I you, I'd change your password even though your account should not have been breached

 

Regards

Irfan

https://smsala.com

  • Paul151985's avatar
    Paul151985
    Copper Contributor
    Sep 19, 2023
    a good suggestion. changed password from time to time. thanks

Resources