FB pixel

Microsoft tweaks security across platforms with MFA, sign-in change

Mandatory MFA aims to strengthen account security. So why leave users signed in?
| Joel R. McConvey
Categories Access Control  |  Biometrics News  |  Facial Recognition
Microsoft tweaks security across platforms with MFA, sign-in change
 

Microsoft has announced a patch for the critical authentication bypass by spoofing flaw in its Azure AI Face service. MSSP Alert says that the face biometrics vulnerability has been fixed and was not exploited by bad actors.

The mega-company is clamping down on security in the face of escalating cyber attacks targeting facial biometric authentication. Last year it announced that multi-factor authentication (MFA) was to become mandatory for Azure sign-ins. Its website’s learning portal has an article on how to plan for mandatory MFA measures, which outlines the scope of enforcement, implementation and enforcement.

Businesses using Microsoft Entra can use various options to enable MFA for users, including Microsoft Authenticator, which facilitates sign-in approvals through biometrics, one-time passcodes, FIDO2 security keys, certificate-based authentication, passkeys, and SMS or voice approval.

An internal survey by Microsoft revealed that multi-factor authentication can block over 99.2 percent of account compromise attacks.

Of note to biometric authentication and digital identity providers is the following section:

“Support for external MFA solutions is in preview with external authentication methods, and can be used to meet the MFA requirement.”

Users express strong opinions on change to account sign-in

Seemingly on the other end of the security spectrum, Microsoft is moving to keep users signed-in to accounts unless they sign out or use private browsing. As noted in a piece in The Verge, “it’s a change that people will need to be aware of, especially if they’re using a public computer.”

At present, Microsoft always asks users if they want to stay signed in.

No reason is given for the change, but user comments suggest some vexation.

“How is it that the largest software company in the world, that’s been around for 50 years, sucks so bad at everything it does?” asks one.

Another, who claims to work in IT, prefers bluntness to inquiry: “This actually sucks big time.”

Related Posts

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Philippines plans ID verification for healthcare with PhilSys integration

The Philippines is planning to modernize its healthcare delivery system with an integration of the Philippine Identification System (PhilSys). An…

 

Inaugural Age Assurance Industry Awards crown winners at gala

The age assurance industry has its Oscars. In a posh ceremony hosted by BBC presenter Charlie Stayt, the first-ever Age…

 

Corsight revealed as facial recognition supplier for Canadian police bodycam trial

The face biometrics algorithms used by police in Edmonton, Alberta, Canada on body-worn cameras during a recent trial is supplied…

 

Regula improves consistency in complex document forensics with 4308M spectral comparator upgrade

Regula has significantly upgraded its 4308M dual‑video spectral comparator. The hardware and software changes should perk up decision makers at…

 

Kazakhstan adopts palm‑vein biometrics for banking in national deployment

Palm biometrics is getting a big boost in Central Asia as one of the world’s largest countries sees major implementation…

 

GAO warns federal AI procurement is repeating the same mistakes

While U.S. government agencies are buying more AI tools across government, a new Government Accountability Office (GAO) report says key…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events