Microsoft thinks it has a new way to make 2FA security better, and less annoying for you

By Nick Heyman On May 9, 2023

Microsoft has changed the way its authenticator app works, in an effort to make it more secure by preventing multi-factor authentication (MFA) fatigue attacks.

When receiving a push notification from Microsoft Authenticator on their secondary device, such as a smartphone, to verify a login attempt, users will now have to input a two digit code shown on the primary device. This means that they cannot accept a login attempt unless they can actually see the login screen.

In MFA attacks, the hope is that users blindly verify login attempts after being bombarded with them, just to make them stop or by mistake after being worn down. This method has been quite successful in penetrating large corporations – including Microsoft itself – once hackers have stolen a worker’s initial login credentials.

Rolling out now

On the company’s Learn (opens in new tab) website, Microsoft explained that, “Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. We will remove the admin controls and enforce the number match experience tenant-wide for all users of Microsoft Authenticator push notifications starting May 8, 2023.”

It also said that various services will be being employing this new change, and that some services may see number matching and others won’t. But before Microsoft removes the admin controls, users can manually make the switch by navigating to Security > Authentication methods > Microsoft Authenticator in the Azure portal.

Then, under Enable and Target, you can choose which users it will apply to, by setting the Authentication mode to Any or Push. Under the Configure tab, you’ll see Require number matching for push notifications. Change the status to Enable and choose who it applies to, then click save.

Microsoft also explains how you can use Graph APIs to enable the new number matching feature for certain groups.

The company also noted that, “If the user has a different default authentication method, there won’t be any change to their default sign-in.”

“If the default method is Microsoft Authenticator and the user is specified in either of the following policies, they’ll start to receive number matching approval after May 8th, 2023.”

Further security measures can be take to prevent MFA fatigue attacks by restricting the number of authentication requests (opens in new tab), alerting admins or locking accounts if that number is exceeded.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.