Microsoft security expert Alex Weinert says hit out at attempts to create secure passwords. He said that it doesn’t matter how long your password is, whether it’s a unique password, or if it’s mixed up with letters, numbers, and special characters.

Weinert said most passwords aren’t breached by humans attempting to guess your password. They’re usually stolen from databases during security breaches or by malware on your device.

microsoft-code.jpg

He also said common methods of multi-factor authentication are vulnerable to attack. Weinert said it’s time to stop using text messages or voice calls to send log in codes and that emails and direct messages are a bad idea, too.

His solution? Smartphone-based authentication. More specifically, the Microsoft Authenticator app. He also suggested using Windows Hello, which allow you to log in with facial recognition and fingerprints on some devices.