Multi-factor authentication and Office 365

Today’s cybercriminals employ sophisticated and complex attack vectors to penetrate the security (often meager security) that we erect in hopes of protecting ourselves, and our data, from their nefarious hands.  And, be honest, you know that your security measures can be a bit more secure.

In the not too distant past, requests and warnings from IT departments regarding the recommended use of password managers for the creation of more complex passwords and pleas to ditch the terrible practice of the “post-it note security” largely fell on deaf ears. This should not and cannot continue, not if you like having a profitable business or personal privacy. Additional security is sorely needed. Fortunately, there’s an app for that.

sp_multi-authentication2-Aug-4

Multi-factor authentication (MFA, also known as 2FA for two-factor authentication) is not an entirely new concept. It has been used intermittently with various levels of success in terms of adoption over the last decade or so. This system uses two or more methods to verify your identity and/or level of access. At the most basic level, it asks you to enter two pass phrases separately, but this can quickly reach complex authentication protocols involving passwords, token codes, text messages and even verbal confirmation.

The beautiful thing is that you can set the complexity of the authentication that suits you.

Want access to your Dropbox account containing your mom’s recipe for a killer pumpkin soup? Two passwords working in tandem should be enough to protect that.

Need access to that proprietary piece of code that is the lifeblood of your company’s new app? A security approach using a combination of password, verbal authentication and app verification code might be the way to go.

Almost a decade ago, Google, seemingly out of nowhere, introduced multi-factor authentication and, for a long time, users mainly ignored it, seeing it as more of an inconvenience than anything else. However, as time progressed and incidences of breaches, phishing and ransomware attacks started surfacing and making headlines, many users quickly saw that insufficient data security measures – in other words, what most of us use – led to massive headaches, and for businesses, a lot of money lost. So, they turned to Google’s existing solution and soon, MFA went mainstream.

Even companies like Microsoft have started to integrate MFA into their products. Microsoft’s flagship suite of online products Office 365 has been outfitted with Azure, which is essentially a built-in MFA.

MFA-on-Office-365

Users now need to enter more than just their password to access their Office 365 on their device, they will also need to engage one (or more) of five different forms of authentication:

  • verbal confirmation from a service rep or an automated service,
  • a text message,
  • a mobile app notification,
  • a mobile app verification code, or
  • a 3rd party OATH token code.

To enable Azure, users need only activate it through their Office 365 security options and then select the secondary form of authentication they would like to use following their password.

And just like that an additional layer of security has been seamlessly added, one that works to increase protection of their files and personal data.

Sticky Password recommends activating multi-factor authentication (two-factor authentication) where available for the sites and applications you use.

David-Share-Pic-MFA-Office-365

David Share, Director at Amazing Support

David has held positions as Operations Director and Head of IT in legal and professional firms for more than 10 years. He is a Director and co-owner of Amazing Support, a Microsoft Silver accredited and specialist Managed IT Support and IT Services company. David actively helps SME businesses receive better Managed IT Support and IT Services in the London and Hertfordshire areas. He also assists overseas companies who are looking to expand their business operations into the UK and helps with their inward investment IT process. David is a professional member of The Chartered Institute for IT (BCS) and an event speaker promoting business start-ups and technology awareness. Married with a son, you will often see him riding his bicycle around the Hertfordshire towns! David regularly participates in charity bike rides for the British Heart Foundation.