With Azure AD and FIDO security keys, you can make MFA more secure and avoid setting up certificates on everyone’s phones.
Passwords are a mess, MFA can be more of a stop-gap than a phishing solution, and running your own public key infrastructure for certificates is a lot of work. The long-term goal is to move to passwordless credentials that can’t be phished.
“Passwords are a huge problem: a huge usability problem and a huge management problem,” Alex Weinert, Microsoft’s Vice President of Identity Security, told TechRepublic. “There are several ways to bypass the use of passwords, and the old-fashioned way is to still have a password but to back it up with something else.”
Read the full article at: https://www.techrepublic.com/article/mobile-mfa-hardware-keys/