Redmond Magazine

Microsoft Tweaks Authenticator with Added Passkey Support, FIPS Compliance

Microsoft is updating its Authenticator app to be even more "phishing-resistant," Microsoft announced Tuesday. Organizations use Authenticator to implement multifactor authentication (MFA) on iOS and ...
Bleeping Computer

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and ...
Dark Reading

Downgrade Attack Allows Phishing Kits to Bypass FIDO

Researchers have developed a new proof-of-concept (PoC) for how phishing kits can circumvent Fast Identity Online (FIDO) authentication. FIDO is the gold standard of online authentication — the best, ...
Ars Technica

Phishers have found a way to downgrade—not bypass—FIDO MFA

Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being ...
CSOonline

Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out

With use of multi-factor authentication rising, end-users can find themselves fiddling with codes and authentication apps frequently throughout their days. For those who rely on Microsoft ...