Multifactor Authentication and Securing your Data
What is Multifactor Authentication (MFA)?
When you sign into your accounts using a process we call "authentication", you are proving that you are who you say you are. Traditionally that process required a username and a password. Unfortunately, that is no longer enough. Usernames can easily be discovered; sometimes they're just your email address or something as simple as a derivation of your name (e.g. John Smith, JSmith, SmithJ, or JohnS). Passwords can be hard to remember, so we have a tendency to use the simplest ones the system will permit, or to use the same one again and again.
That's why most online accounts, banks, applications, and email accounts like those hosted by Microsoft have added a way for your data to be more secure. You may hear it called “Multifactor Authentication (MFA)” or “Two Factor Authentication (2FA)”. Most implementations of MFA/2FA operate on the same principle.
Why Should I use MFA for my Logins?
The main benefit of MFA is that it enhances your security by requiring users to identify themselves with more than just a username and password. While important, usernames and passwords are still vulnerable to attacks and can be stolen by third parties. Accessing data should require direct approval via your phone, biometric entry, or an additional security question, none of which potential thieves would have access to. MFA increases confidence that you will stay safe from cyber criminals.
How does MFA work?
When you sign into the account for the first time on a new device or app (like a web browser) you will need more than just the username and password. You need a second level of authentication - what we call a second "factor" - to prove who you are. A factor is a way of confirming your identity when you try to sign in.
What types of MFA are there?
The three most common kinds of factors are:
- Something you know – Like an additional password, security question, or PIN
- Something you have – Like a smartphone, or a secure USB key
- Something you are – Like a fingerprint, or facial recognition
MFA for Microsoft Office 365
Let's say you're going to sign into your account, and you enter your username and password. If that's all you need then anybody who knows your username and password can sign in as you from anywhere in the world!
But if you have Multifactor Authentication enabled, things get more difficult for any potential imposter. The first time you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity.
Perhaps you're using the free Microsoft Authenticator app as your second factor. You open the app on your smartphone, and it shows you a unique, dynamically created 6-digit number that you type into the site. Or you can choose to set up SMS verification. This will send your cell phone a dynamically created 6-digit number that you type into the site, and you're in!
If somebody else tries to sign in as you, however, they'll enter your username and password, and when they get prompted for that second factor they're stuck! Unless they have YOUR smartphone, they have no way of getting that 6-digit number to enter. And in the particular instance of the Microsoft Authenticator, the number changes every 30 seconds, so even if they knew the number you used to sign in yesterday, they're still locked out.
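The 30-second, 6-digit code described above, as an added example that is not part of the original page or any Microsoft code: it implements the standard time-based one-time password algorithm (TOTP, RFC 6238) and a server-side check that rejects old and replayed codes. That the app's codes follow this standard is an assumption; the secret is the RFC's published test key, and `verify`, `window` and `last_used_counter` are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid, as described in the text
DIGITS = 6   # length of the code the user types in

# Constructed sample secret (RFC 6238 test key); a real secret is random
# and shared once between the server and the phone at enrollment.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP (RFC 4226) over the time counter."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, submitted, now, last_used_counter=None, window=1):
    """Server-side check; returns the matched time counter or None.

    Accepts +/- `window` steps of clock drift between phone and server.
    Counters at or below `last_used_counter` are skipped, so a code that
    was already accepted cannot be replayed inside its validity period.
    """
    current = now // STEP
    for counter in range(max(0, current - window), current + window + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue
        expected = totp(secret, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


if __name__ == "__main__":
    t = 59  # constructed timestamp from the RFC 6238 test vectors
    code = totp(SECRET, t)
    print("code on the phone:      ", code)
    print("accepted now:           ", verify(SECRET, code, t) is not None)
    print("accepted a day later:   ", verify(SECRET, code, t + 86400) is not None)
    print("accepted when replayed: ",
          verify(SECRET, code, t, last_used_counter=1, window=0) is not None)
```

The server stores the counter returned by a successful `verify` and passes it back as `last_used_counter` on the next attempt.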
You won't have to do the second step very often. Some people worry that multifactor authentication is going to be inconvenient, but generally it's only used the first time you sign into an app or device, or the first time you sign in after changing your password. After that you'll just need your primary factor, usually a password, just like you do now.