https://community.isc2.org/t5/Tech-Talk/SIM-Based-Authentication-to-reduce-Phishing-attacks/m-p/51205#M3520 <P>General advice I hear is "<SPAN>SMS and call-based MFA [are] the least secure of the MFA methods available today" [<A href="https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/" target="_blank" rel="noopener">cite</A>].&nbsp;&nbsp;</SPAN>It is good to see that the article's subject is attempting to address SMS weaknesses.</P><P>&nbsp;</P><P>My personal favorite MFA defense at the moment is the "<A href="https://m365admin.handsontek.net/microsoft-authenticator-code-matching-for-mfa-notifications/" target="_blank" rel="noopener">number matching</A>" mechanism.&nbsp;<SPAN>That said, <STRONG>Even the worst MFA is substantially better than NO MFA</STRONG>, so I will gladly leverage whatever the IdP offers.</SPAN></P><P>&nbsp;</P><P><SPAN>Plus, we should be striving to minimize user-disruption with technologies such as cert-auth, SSO, and face-id, reserving traditional MFA for high-risk activities such as device registration and password resets.</SPAN></P> Thu, 26 May 2022 04:23:06 GMT denbesten 2022-05-26T04:23:06Z https://community.isc2.org/t5/Tech-Talk/SIM-Based-Authentication-to-reduce-Phishing-attacks/m-p/51195#M3518 <P>Hi All</P><P>&nbsp;</P><P>This looks like an interesting idea for reducing phishing attacks against mobile devices.</P><P>&nbsp;</P><P>What do you think?</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2022/05/sim-based-authentication-aims-to.html" target="_blank">https://thehackernews.com/2022/05/sim-based-authentication-aims-to.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 09 Oct 2023 10:11:52 GMT https://community.isc2.org/t5/Tech-Talk/SIM-Based-Authentication-to-reduce-Phishing-attacks/m-p/51195#M3518 Caute_cautim 2023-10-09T10:11:52Z https://community.isc2.org/t5/Tech-Talk/SIM-Based-Authentication-to-reduce-Phishing-attacks/m-p/51205#M3520 <P>General advice I hear is "<SPAN>SMS and call-based MFA [are] the least secure of the MFA methods available today" [<A href="https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/" target="_blank" rel="noopener">cite</A>].&nbsp;&nbsp;</SPAN>It is good to see that the article's subject is attempting to address SMS weaknesses.</P><P>&nbsp;</P><P>My personal favorite MFA defense at the moment is the "<A href="https://m365admin.handsontek.net/microsoft-authenticator-code-matching-for-mfa-notifications/" target="_blank" rel="noopener">number matching</A>" mechanism.&nbsp;<SPAN>That said, <STRONG>Even the worst MFA is substantially better than NO MFA</STRONG>, so I will gladly leverage whatever the IdP offers.</SPAN></P><P>&nbsp;</P><P><SPAN>Plus, we should be striving to minimize user-disruption with technologies such as cert-auth, SSO, and face-id, reserving traditional MFA for high-risk activities such as device registration and password resets.</SPAN></P> Thu, 26 May 2022 04:23:06 GMT https://community.isc2.org/t5/Tech-Talk/SIM-Based-Authentication-to-reduce-Phishing-attacks/m-p/51205#M3520 denbesten 2022-05-26T04:23:06Z