Multi-Factor Authentication (MFA) provides extra layers of security for logging in to cloud applications. Microsoft now provides two simple methods of using MFA to securely log in to your Office 365 account: Two Factor Authentication and Password-less Sign-in. Both use the Microsoft Authenticator App.
MFA is a method of confirming a user’s identity before granting access. The user needs to successfully present two or more pieces of information:
- Something they know (such as a password or PIN or answer to a security question)
- Something they have (such as a code from a hardware token, or a code or prompt received through SMS, a push notification, or an app on a smartphone)
- Something they are (such as a fingerprint or other biometric)
MFA is especially important for security in a world in which critical business data is stored in the cloud. Securing an account with just a username and password is no longer enough to protect your business from cyberattacks and data breaches. Passwords can be compromised. The reasoning behind MFA is that a hacker will not be able to provide the additional factors required for access, thus reducing the incidence of online fraud. To be effective, providing the second factor needs to be simple so that it does not act as a hindrance to logging in for the legitimate user.
The first step for using either of the following MFA methods is to install the Microsoft Authenticator App on your Apple or Android phone.
This is how these sign-in options work.
Two Factor Authentication – also called Two-Step Verification
With Two Factor Authentication, you enter your password and then confirm your identity with a second method. When you enter your password on the computer, Microsoft will ask you to approve the sign-in request.
If you have alerts set on your mobile phone, you’ll first see the alert on your phone telling you that you have received a sign-in verification request.
Approve the sign-in request simply by opening the Authenticator app and clicking “approve.”
With Password-less sign-in, you don’t even need to enter a password! When you enable Password-less Sign-in in the Authenticator App, your sign-in process changes. Instead of seeing a screen to enter your password, you’ll see a screen to approve sign in, and this screen will have a number on it.
When you open the Authenticator app on your mobile device, you’ll see three number choices. Touch the one that matches the number on your monitor, and then touch the sensor with the finger that is set up for your fingerprint identity. That’s it! You’re in!
What if you can’t use your cell phone?
Life happens. What if you forget your cell phone one day, or it is stolen, or it falls on the train tracks… how do you log in to work?
The login screen for password-less login also provides the option to use your password instead. Click that option, and then start the login process with your password.
Without your cell phone, you can’t open the Authenticator App to approve the sign-in request. Instead, click “Sign in another way.”
Microsoft will offer you other options to verify your identity. These are the options that you provided when your account was set up. If you provided a second phone number (that is not the cell phone that you don’t have with you), you can choose that option to have Microsoft call you to provide you with a sign-in code.
If you are not in a location where you can answer that call, your only option is to reset your password. In the previous screen, click “Forgot my password.” Microsoft will send an email to your alternate email address providing you with a code to log in. When you enter that code, you’ll be provided with an option to have Microsoft call your Office Phone. There you will be told to press the # key to finalize the change.
If your cell phone was actually lost, stolen or destroyed, the next step is to contact your IT department for assistance.
Keep your business data safe using MFA with the Authenticator App!
Web-based applications require that the account be secured with a username and password, but passwords can be forgotten, stolen, or compromised. There are several options for adding a factor to protect your business, but there are issues with some. Text messages to mobile phones using SMS are insecure and may be intercepted. Software tokens must be carried around and can be lost or stolen, and carrying around multiple tokens for different applications is not practical. With Authenticator, your phone provides an extra layer of security on top of your password, PIN or fingerprint. Most people do carry around a cell phone, and Microsoft has provided two options using your cell phone that both require something that is not easily accessed by a bad actor. And just in case the cell phone cannot be used, Microsoft has provided the means to sign in without it, while still requiring a factor that also cannot be easily accessed by a bad actor.
With the Authenticator App, Microsoft has simplified the process for providing two factors for user authentication. The app can be used to sign in to Outlook, OneDrive, Office and more (including applications that are not from Microsoft). The app can be downloaded for free on the Apple App Store or on Google Play.
The Authenticator App can be used to implement secure Bring-Your-Own-Device (BYOD) initiatives. The app can be downloaded on users’ personal devices for secure login to company applications, and can be disabled by the IT department when the user leaves the company.
Having your company’s staff use the Authenticator app to sign in with Two-Factor Authentication or Password-less login is a simple way to protect your sensitive business data.