Making Sense of the Microsoft Information Protection Stack

Sign in to queue

The Discussion

  • User profile image

    Multi-factor authentication must comply, at least:
    1) "something only the user knows" (aka password)
    2) "something only the user has" (a device)

    Multi-factor authentication with phone call, sms or email ARE NOT effective because communication can be "known" by the service provider or a "man in the middle".

    Phone and email are not "something only the user has"

Add Your 2 Cents