If you’re a Microsoft customer (you have a Microsoft account), you may have been asked recently to turn on multi-factor authentication (MFA) when you’re using certain applications. If you’re wondering why this is happening, it’s because Microsoft has now added the extra layer of security to their accounts to prevent easy access to hackers. There have been many recent incidents where hackers are able to gain access to an inadequately-protected account, and then get further access into an organisation’s systems (Microsoft and Hewlett Packard are just two such companies to who this has happened to recently).
MFA adds the extra checks to prove your identity, whenever you are logging in. As well as using your password to log into an account, you may need to receive an authentication code via a text message to complete the sign in process, or something similar. It’s often called a two-step authentication process, but there can be more elements to it.
At cyber.gov.au, MFA has been described as combination of:
Something the user knows – your PIN or password
Something the user has – a token (one-time PIN) or security key (physical key to plug into a device)
Something the user is – like a fingerprint, facial ID to access a device
If you are hacked (because you don’t have MFA activated), and you use the same password for all your accounts (private and work related), then the hackers potentially have access to your online shopping, emails, social media, banking, not to mention access to your organisation. And once they’re in, they can lock you out!
MFA sounds like it can be a hindrance to logging in processes during your work day, but it can actually streamline some processes, where, for example, just Facial ID may be required via your phone to access some apps.
And if you need one more reason why you should consider activating MFA whenever you are asked, you may find that some insurance policies are now requiring MFA to be activated before coverage is assured.
So start with your Microsoft accounts and get used to the process, and then consider activating MFA for all your accounts whenever you are asked. If you need help, just ask us…