Microsoft has announced that its Authenticator app for iOS is now compliant with the Federal Information Processing Standards (FIPS 140) security standard. The company says FIPS 140 compliance support is available for customers running Microsoft Authenticator version 6.68 and higher on iOS devices.
Microsoft Authenticator is a popular two-factor authentication solution that helps users to secure their online accounts. It provides password-less login support for Microsoft accounts and adds an extra layer of security for third-party apps and services. The Authenticator app also offers additional account management capabilities for Microsoft personal, work, and school accounts.
According to Microsoft, the Microsoft Authenticator app for iOS can now utilize the native Apple cryptographic techniques approved by U.S. government agencies. FIPS 140 compliance is enabled by default for Azure Active Directory (AAD) authentications. These include time-based one-time passcodes (TOTP), Passwordless Phone Sign-In (PSI), as well as push multifactor authentications (MFA).
“Microsoft maintains an active commitment to meeting the 140-2 requirements, having validated cryptographic modules since the standard’s inception in 2001. Microsoft validates its cryptographic modules under the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP),” Microsoft explained in a support document.
Microsoft detailed that its several cloud platforms and services use these cryptographic modules. The list includes Office 365, Office 365 U.S. Government, Dynamics 365, Dynamics 365 Government, Office 365 U.S. Government Defense, as well as Azure and Azure Government.
For now, Microsoft Authenticator has achieved compliance with the US government’s FIPS 140 standard on iOS devices. The company plans to add support for Android devices in a future update. However, Microsoft has yet to provide an ETA.
Last month, Microsoft announced that it’s planning to enable the number matching feature by default for all Microsoft Authenticator users. The security feature is designed to protect customers against MFA fatigue attacks.