FB pixel

Microsoft tweaks security across platforms with MFA, sign-in change

Mandatory MFA aims to strengthen account security. So why leave users signed in?
| Joel R. McConvey
Categories Access Control  |  Biometrics News  |  Facial Recognition
Microsoft tweaks security across platforms with MFA, sign-in change
 

Microsoft has announced a patch for the critical authentication bypass by spoofing flaw in its Azure AI Face service. MSSP Alert says that the face biometrics vulnerability has been fixed and was not exploited by bad actors.

The mega-company is clamping down on security in the face of escalating cyber attacks targeting facial biometric authentication. Last year it announced that multi-factor authentication (MFA) was to become mandatory for Azure sign-ins. Its website’s learning portal has an article on how to plan for mandatory MFA measures, which outlines the scope of enforcement, implementation and enforcement.

Businesses using Microsoft Entra can use various options to enable MFA for users, including Microsoft Authenticator, which facilitates sign-in approvals through biometrics, one-time passcodes, FIDO2 security keys, certificate-based authentication, passkeys, and SMS or voice approval.

An internal survey by Microsoft revealed that multi-factor authentication can block over 99.2 percent of account compromise attacks.

Of note to biometric authentication and digital identity providers is the following section:

“Support for external MFA solutions is in preview with external authentication methods, and can be used to meet the MFA requirement.”

Users express strong opinions on change to account sign-in

Seemingly on the other end of the security spectrum, Microsoft is moving to keep users signed-in to accounts unless they sign out or use private browsing. As noted in a piece in The Verge, “it’s a change that people will need to be aware of, especially if they’re using a public computer.”

At present, Microsoft always asks users if they want to stay signed in.

No reason is given for the change, but user comments suggest some vexation.

“How is it that the largest software company in the world, that’s been around for 50 years, sucks so bad at everything it does?” asks one.

Another, who claims to work in IT, prefers bluntness to inquiry: “This actually sucks big time.”

Related Posts

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Face biometrics use cases outnumbered only by important considerations

With face biometrics now used regularly in many different sectors and areas of life, stakeholders are asking questions about a…

 

Biometric Update Podcast explores identification at scale using browser fingerprinting

“Browser fingerprinting is this idea that modern browsers are so complex.” So says Valentin Vasilyev, Chief Technology Officer of Fingerprint,…

 

Passkeys now pervasive but passwords persist in enterprise authentication

Passkeys are here; now about those passwords. Specifically, passkeys are now prevalent in the enterprise, the FIDO Alliance says, with…

 

Pornhub returns to UK, but only for iOS users who verify age with Apple

In the UK, “wanker” is not typically a term of endearment. However, the case may be different for Pornhub, which…

 

Europol operated ‘shadow’ IT systems without data safeguards: Report

Europol has operated secret data analysis platforms containing large amounts of personal information, such as identity documents, without the security…

 

EU pushes AI Act deadlines for high-risk systems, including biometrics

The EU has reached a provisional agreement on changes to the AI Act that postpone rules on high-risk AI systems,…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events