Microsoft: Multi-factor authentication 99.9% protection

Microsoft states that users who enable multi-factor authentication (MFA) on their accounts can block 99.9% of automated attacks.

The recommendation applies not only to Microsoft accounts, but also to any other profile, on any other website or online service.

If your service provider supports multi-factor authentication, Microsoft strongly recommends using it, whether it is something simple, such as SMS-based one-time passwords, or an advanced biometric solution.

"Based on our research, your account is 99.9% less likely to be compromised if you use MFA," said Alex Weinert, Program Manager for Microsoft Security and Identity Protection.

Passwords no longer matter

Weinert also said that the old advice of "never use a password found in a breach" or "use very long passwords" does not really help.

He should know. Weinert was one of the Microsoft engineers who worked to stop the use of passwords that are available online from previous breaches. The executive has been working since 2016 to keep these specific passwords from being used in the Microsoft Account and Azure AD services.

The result: Microsoft users who were using, or trying to use, a leaked password had to change their credentials immediately.

But Weinert noted that despite the ban on these specific passwords, hackers continued to break into Microsoft accounts in the years that followed.

He attributed this to the fact that passwords or their complexity no longer matter. Today, hackers have many different methods at their disposal to obtain users' credentials and in most cases the password does not matter.

With more than 300 hacking attempts seen daily in Microsoft's cloud services, Weinert says that enabling multi-factor authentication solutions prevents 99.9% of these unauthorized login attempts, even if the hackers know the user's password.

The remaining 0.1% corresponds to far more sophisticated attacks that use technical means to obtain MFA tokens, but these attacks are still very rare compared with the everyday activity of botnets.

In May, Google said something similar: users who added a recovery phone number to their accounts (and so indirectly enabled 2FA via SMS) also improved their account security.

"Our research shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bot attacks, 99% of mass phishing attacks, and 66% of targeted attacks that occurred during our research."

So, since Microsoft and Google agree, it would be good to listen to them. At iGuRu.gr we have said before, in earlier posts, that the of passwords doesn't really help.

Picture MFA: NIST

Written by giorgos