FB pixel

Microsoft tweaks security across platforms with MFA, sign-in change

Mandatory MFA aims to strengthen account security. So why leave users signed in?
| Joel R. McConvey
Categories Access Control  |  Biometrics News  |  Facial Recognition
Microsoft tweaks security across platforms with MFA, sign-in change
 

Microsoft has announced a patch for the critical authentication bypass by spoofing flaw in its Azure AI Face service. MSSP Alert says that the face biometrics vulnerability has been fixed and was not exploited by bad actors.

The mega-company is clamping down on security in the face of escalating cyber attacks targeting facial biometric authentication. Last year it announced that multi-factor authentication (MFA) was to become mandatory for Azure sign-ins. Its website’s learning portal has an article on how to plan for mandatory MFA measures, which outlines the scope of enforcement, implementation and enforcement.

Businesses using Microsoft Entra can use various options to enable MFA for users, including Microsoft Authenticator, which facilitates sign-in approvals through biometrics, one-time passcodes, FIDO2 security keys, certificate-based authentication, passkeys, and SMS or voice approval.

An internal survey by Microsoft revealed that multi-factor authentication can block over 99.2 percent of account compromise attacks.

Of note to biometric authentication and digital identity providers is the following section:

“Support for external MFA solutions is in preview with external authentication methods, and can be used to meet the MFA requirement.”

Users express strong opinions on change to account sign-in

Seemingly on the other end of the security spectrum, Microsoft is moving to keep users signed-in to accounts unless they sign out or use private browsing. As noted in a piece in The Verge, “it’s a change that people will need to be aware of, especially if they’re using a public computer.”

At present, Microsoft always asks users if they want to stay signed in.

No reason is given for the change, but user comments suggest some vexation.

“How is it that the largest software company in the world, that’s been around for 50 years, sucks so bad at everything it does?” asks one.

Another, who claims to work in IT, prefers bluntness to inquiry: “This actually sucks big time.”

Related Posts

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Adoption of biometric payment cards plateaus with niche applications

Biometric payment cards, once seen to be the belle of the biometric ball, are mired in a rut of stagnated…

 

South Korea’s age assurance policies built on years of systemic, political change

A new paper from two scholars examines South Korea’s approach to age assurance. Published in TechPolicy.press, the paper contrasts global…

 

Zambia obtains World Bank funding support to advance DPI implementation

Zambia has secured funding to the tune of $120 million from the World Bank’s Digital Development Partnership to carry on…

 

Aadhaar enables an ‘epidemic’ of IDs in India

The Aadhaar ecosystem continues to grow, but it’s not all good news. The proliferation of IDs like the “One Nation,…

 

EU AI Act’s impact on businesses inspires simplification efforts

The European Union’s AI Act is already having a wide-reaching impact on business both inside and outside the economic bloc….

 

Chinese biometrics firms settle in Hong Kong for international market access

Chinese biometric recognition companies are eyeing Hong Kong as a springboard for expanding to foreign markets, according to company executives….

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events