Revisiting sound guidance: Countering the heightened threat of device code phishing

The report warns that attackers are abusing Microsoft’s device code authentication—used for kiosks/shared devices—to phish users into handing over device codes that yield valid session tokens, thereby bypassing passwords and MFA and achieving persistent account access. It recommends disabling or tightly restricting device code flow where not required and explicitly revoking sessions (not just resetting passwords) when an account is compromised.