MSEndpointMgr

2FA/MFA – Why multi-factor authentication is important

In this article we take a high level view of multi-factor authentication, the concepts and it’s importance in todays corporate IT landscape.

As the world becomes increasingly digital, the need for secure access to online accounts and systems becomes more critical than ever. One of the most effective ways to protect against unauthorised access is through the use of multi-factor authentication (MFA). In this article, we will explore the importance of MFA in the Microsoft Cloud and how it can help protect your organisations sensitive data and systems.

Introduction

Outline: For those who are unfamiliar with what a phishing attack is, it is where an attacker attempts to fraudulently obtain sensitive information from a user by posing as someone or something that the person/organisation trusts. Phishing attacks target passwords and usernames via various methods including email, pop-up windows, instant message, text messages, and social network sites. It ruins lives and cost companies millions of dollars each month. One of the best ways to protect against phishing attacks is through the use of MFA.

Takeaway: Use MFA or Passwordless. And do not click on links in unexpected emails from people you do or do not know. Always be suspicious of any link that requests you to enter your login credentials for an unknown site and be sure that a familiar sign-in page is using the right domain name in the address bar.

Disclaimer: There are a plethora of ways to put together MFA now a days, and not all scenarios or methods are covered in this article for the sake of readability.

What is multi-factor authentication?

multi-factor authentication
A person wondering about all the multi-factor authentication choices

Multi-factor authentication (MFA) is a process of verifying your identity by using more than one form of identification. It can be as simple or as complicated as you want it to be, but the goal is always the same: to make sure that only you can access your account.

There are three main types of MFA: SMS-based, app-based and hardware-based. Each type has its own advantages and disadvantages when compared with other methods, so let’s take a look at each one individually:

SMS-based MFA

This is the most basic form of two-factor authentication. When you enable it, you’ll receive a text message with a PIN code every time you log in to your account. You must enter this PIN into the site or app before gaining access to your account.

The benefit of SMS-based MFA is that it’s very easy to set up. You don’t need any special hardware or software, just a phone number and access to your email account. The downside is that there are often security issues with SMS messages—they can be intercepted by hackers or spoofed by scam artists who want to take over your account. If this happens, you’ll have no way to prove who you are without resetting all of your passwords.

App-based MFA

App-based MFA is similar to SMS-based MFA, but instead of receiving a code via text message, you receive it through an app on your phone. For Microsoft 365 users the best app is the Microsoft Authenticator, which can be downloaded for free from the Apple App Store or Google Play Store. Once you install it, all you need to do is scan a QR code using the app and then enter the six-digit code into the set up wizard. The benefit of app-based MFA is that it’s more secure than SMS-based MFA because the authentication process is tied to your physical device and not sent unencrypted over the airwaves.

The downside is that it’s more difficult to set up. You need to install an app on your phone and then scan a QR code using that app, which can be tricky if you’re not tech savvy.

Hardware-based MFA

The most secure way to set up Multi-factor authentication is with a hardware token. This device can look like a USB flash drive, but instead of containing files, it contains a secure chip that generates one-time passwords (OTPs). When you install the software on your computer and plug in the hardware token, you’ll be prompted to enter your username and password before it will generate any codes for you. This is a solution often used in companies where employees don’t have access to a phone, and hence they are unable to use SMS or App.

The benefit of hardware-based MFA is that it’s more secure than any other method of two-factor MFA authentication. The downside is that it’s more expensive and difficult to set up. You need to purchase the device and then install software on your computer that works with the token—something most people don’t have the time or inclination to do.

Again, why is multi-factor authentication so important?

Multi-factor authentication is a way to protect your accounts from being hacked by using more than one method of verification. It’s important to have this on all of your accounts because it works as an extra layer of security that prevents unauthorised access to your account and prevents identity theft.

Being passive about this type of security can actually leave you open to lawsuits. If your identity and the trust that others have in it, is used to commit fraud against others, then you are most likely going to be liable for the damages. These lawsuits have already happened and they are not in your favour if you as a person or as a company have been passive.

What has MFA done for the world?

MFA has reduced the amount of fraudulent sign-ins on accounts since its inception. In fact, MFA provides an added layer of security that gives users (and admins) peace of mind when it comes to their corporate/personal information and financial data.

MFA has:

  • Reduced risk of account takeover
  • Reduced risk of phishing attacks and identity theft
  • Reduced risks associated with password reuse by requiring two-factor authentication every time you log in (even if you’re using a password manager)

Remember to thank your MFA device when you use it.

A person loving their authenticator app

What is better than MFA?

A concept that is quickly gaining in popularity is the Passwordless sign-in. Which is the next step in authentication evolution. It is basically a method to login without a password, and thus prevents anyone from stealing it in the first place!

Microsoft offers easy on-boarding to Passwordless with their Authenticator Phone sign-in feature and for the Windows desktop they have Windows Hello for Business as an excellent offering.

Passwordless technologies aim to address some of the weaknesses of MFA. But, remember that any MFA solutions is better than no MFA solution!

But, I digress, this article was only meant to be about Multi-factor authentication (MFA). So, Follow along here on the blog for an article on passwordless in the near future!

In the mean time you can enjoy learning how to enable Passwordless using the Microsoft Authenticator, in this article on Microsoft Learn.

Conclusion

Multi-factor authentication is an essential tool for protecting against unauthorised access to online accounts and systems. By using a combination of something you know, something you have, and something you are, MFA provides an extra layer of security that makes it much more difficult for cybercriminals to gain access to your sensitive data and systems.

If you want to learn more about how MFA can protect your business, check out the article on Microsoft Learn that shows how you can get started on this important first step on your journey towards Zero-Trust and a Passwordless future!

Michael Mardahl

Michael Mardahl is a seasoned IT pro with over 25 years of experience under his belt. He's a Microsoft Certified Cloud Architect at APENTO in Denmark, where he helps customers move from traditional infrastructure to the cloud while keeping security top of mind. When he's not working, Michael's either spending time with his family and friends or passionately blogging about Microsoft cloud technology. His expertise in this area has even earned him the prestigious title of Microsoft Most Valuable Professional (MVP) in both the Enterprise Mobility and Security categories. In short, Michael is the IT equivalent of a rockstar, but don't expect him to act like one - he's way too down-to-earth for that.

Add comment

Sponsors

Categories

MSEndpointMgr.com use cookies to ensure that we give you the best experience on our website.