Multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts or apps, users provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.
If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, an attacker could be using it to gain access. When you require a second form of authentication, security is increased because this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.
Spanish Point recommends you implement MFA for user authentication. If you don’t have this in place yet, contact us now to arrange a Discovery Workshop, where you will understand the benefits of MFA for your organisation and how you can enhance security with MFA.
Also called the “Two-Step Verification”, this is a way of confirming your identity when you try to sign in. For example, the first time you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity. Perhaps you’re using the free Microsoft Authenticator app as your second factor. You open the app on your smartphone, it shows you a unique, dynamically created 6-digit number that you type into the site and you’re in.
Why use multifactor authentication (MFA)?
If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, an attacker could be using it to gain access.
Usernames are often easy to discover; sometimes they’re just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites.
Azure AD offers a broad range of flexible multifactor authentication (MFA) methods—such as texts, calls, biometrics, and one-time passcodes—to meet the unique needs of your organization and help keep your users protected.
Important things to know
You won’t have to do the second step very often. Generally, it’s only used the first time you sign into an app or device, or the first time you sign in after changing your password. After that you’ll just need your primary factor, usually a password, like you do now.
Multifactor authentication is not just for work or school. Almost every online service from your bank to your personal email, to your social media accounts supports adding a second step of authentication and we recommend you go into the account settings for those services and turn that on.
You don’t need to change apps and services to use Azure AD Multi-Factor Authentication. The verification prompts are part of the Azure AD sign-in, which automatically requests and processes the MFA challenge when needed.
Want to learn more about Azure AD Multi Factor Authentication?