#UserAuthentication

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

by

December 11, 2024 at 09:42AM A critical vulnerability in Microsoft’s multi-factor authentication (MFA) was identified, allowing attackers to bypass security easily without user notice. Labeled AuthQuake, the flaw stemmed from inadequate rate limits and extended code validity. Microsoft addressed the issue in October 2024, tightening security measures to enhance MFA effectiveness. **Meeting Takeaways: Dec 11, … Read more

Microsoft shares more details on Windows 11 admin protection

by

November 19, 2024 at 08:42AM Microsoft detailed a new Windows 11 admin protection feature in preview, utilizing Windows Hello for authentication to secure critical system resources. It restricts admin rights, requiring users to verify actions via PIN or biometrics. This aims to mitigate malware risks by limiting unauthorized access while ensuring legitimate user control over … Read more