Multifactor authentication – why is it important?
Multifactor authentication requires proving two things – a thing you know, and a thing you have. The thing you know is your password. The thing you have is your phone (set up with Authenticator and registered as a multifactor verification proof).
How does it work?
When you attempt to log in to your account or a system protected by MFA, you’ll provide your primary authentication factor (such as a password or PIN) and then a second factor, which, in this case, would be a code sent to your mobile device or a biometric scan. This means that even if an attacker has obtained your password, they will still need your second factor to gain access – so it’s near impossible for them to gain access to your accounts and data.
What system do we use and what does it do?
You’ll be installing Microsoft’s Authenticator app on your personal device, to help secure your work device. So, it’s a name you can trust – you’ll already use their systems day in and day out, no doubt!
You’ll see it as an app on your phone, and you’ll only need to use it when logging into your work device or systems (unless, of course, you choose to reinforce any of your own systems with it).
MFA can help protect against a variety of attacks, including phishing, password theft and credential stuffing. It’s a really effective security measure that helps safeguard your, or your workplace’s, sensitive information and prevent unauthorised access to systems and resources.
What does it not do?
There are some common misconceptions about what Microsoft’s Authenticator app is capable of, such as tracking location and accessing data.
The Microsoft Authenticator does not track you and it does not log location data. It will list your logins to Microsoft-protected resources as a method for you to recognise unauthorised access attempts. The only push notifications it will ever send you are approval requests for logins to Microsoft-protected systems.
The Microsoft Authenticator does not give Microsoft access to any data or information on your device either, with the few exceptions listed below.
The Authenticator app does collect two types of information:
- Account info you provide when you add your account. After adding your account, depending on the features you enable for the account, your account data might sync down to the app. This data is stored on your device and can be removed by removing your account.
- Non-personally identifiable usage data, such as aggregate details about success or failure of important operations that are used to detect decreased reliability and bugs. This minimal data is needed to keep the app updated and secure. You need to accept the notice of this data collection when you use the app for the first time.
Anything else I should know?
Now your systems are covered, but to ensure we’re doing as much as we can, we sometimes couple that with Microsoft Hello, which protects your devices.
Windows Hello is a biometrics-based technology that enables Windows 10 and 11 users to authenticate secure access to their devices with a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is a more user-friendly (it makes it much faster for you to log in!) and secure method for you to access your device.