Implementing multi-factor authentication (MFA) has become a necessity with the increase in cyber-attacks and data breach incidents. Hence, it is essential to ensure computer security. Businesses and organisations are using MFA, which is safer than TFA (Two-Factor Authentication).
Multi-factor authentication is an electronic mechanism that requires users to provide two or more types of evidence to access a device, system, or application. The evidence is already provided at the time of setting up MFA by the owner in case of individual usage, or the company’s IT department in case of organisations. It is a form of authentication or security process that applies an extra layer of safety to your devices, application software, and services used.
Why is multi-factor authentication important?
In current times, when technology is constantly evolving, cyber threats are also increasing as hackers learn to exploit it. Hence, a simple password to secure access won’t be sufficient, and a mechanism like MFA is required to guard systems against possible data breaches. We have listed some of these threats below:
1) Phishing e-mails, SMS
This is the biggest source for hackers to inject malware and Trojan viruses into the computer systems of businesses, organisations, or individuals. They make use of Social Engineering and share tailored, legitimate-looking e-mails or SMS messages tricking users into clicking on the link provided in them.
2) Malicious software
It includes malicious software like screen grabbers and keyloggers.
3) Shoulder surfing
In shoulder surfing, cybercriminals spy on users who use money-dispensing machines like ATMs. The hacker will keep watch either through CCTV or in person.
Multi-Factor Authentication requirements
It makes use of something you know i.e., a password, something you own i.e., your smartphone or computer system, and inherence i.e., yourself. Explained below are the requirements i.e., the types of Multi-factor authentication:
1) Something You Know (Knowledge)
The best example of this is a password and user-id combination. This information is known to the user.
2) Something You Own (Possess)
Your smartphones, tablets, iPads, smart cards, tokens, key fobs, laptops, and computer systems are the best examples of something you possess. A hacker who has stolen your password and login credentials won’t have the devices you have used for MFA. You will be notified to grant access in case an unknown device is detected. These notifications will be given by SMS, e-mail, pop-up notification, one-time password or on the authenticator app installed on your device. Google Authenticator app is the best app used for MFA.
3) Something You Are (Inherence)
This will include your personal biometrics like fingerprint identification, and face recognition.
Steps to set up Multi-factor authentication for Microsoft Office 365
- Login into your Microsoft 365 admin center with global admin credentials
- On the left navigation bar, Select – Users – Active Users
- On the Active Users page, select Multi-factor authentication.
- Select each user and set their Multi-factor authentication status to ‘OFF’.
- Now select the ‘Show All’ option in the 365 admin center and choose the Azure Active Directory Admin Center.
- Next select Azure Active Directory, Properties, and Manage Security defaults.
- Under the Security defaults, choose ‘Yes’ and then click on ‘Save’.
- Lastly, turn on the Modern Authentication by following this path- Settings – Org settings – Services – Modern Authentication – Enable. Do not forget to save changes.
Benefits of Multi-Factor Authentication
The benefits of using Multi-factor authentication are:
- It offers an extra level of security to your devices, systems, and computer programs from unauthorised access.
- It offers strong authentication wherein the user’s identity is backed by more than two factors. For example, if a password is forgotten or lost, the other factors will sustain the security of the device and the user will still be able to access it.
- Your organisation’s systems will be secured from unknown access thus preventing any kind of data leak.
- It is free of cost and easily available in the App Store for iOS and the Play Store for Android devices and systems. Most online applications have Multi-factor authentication.
- It is easy to set up.
- Authenticator apps make it easy to access devices.
- It will secure workforce data to prevent any breaches.
Microsoft Authenticator app and user location mandate
Yes, the Microsoft Authenticator app will use your GPS location in order to know your country and whether the resources are available for that location. The app recommends that users select the ‘Always Allow’ option for location access on both iOS and Android phones. If you select the ‘While Using App’ option, you will have to manually accept the location request every hour, whereas with ‘Always Allow’ the location is provided silently every hour. If you deny location access, you will not be able to access the resources of the app. This is true for both Android and iOS apps. The Microsoft servers will store your location based on your GPS, but will not store your other details.
Multi-factor Authentication usage by La Trobe University
La Trobe University is a public research institution located in Melbourne, Victoria, Australia. The University uses Multi-factor authentication to secure its computer systems from any data breach. It makes use of the Microsoft Authenticator app for its various applications like Office 365 etc. It is the second important step at the university to confirm your identity to access data.
Complying with Federal Information Processing Standards (FIPS)
The Federal Information Processing Standards (FIPS) provide guidelines to authenticate the individual identities of employees working at an organisation that must be defined and comply with the policies. The login credential must include a personal identity verification (PIV) front-end subsystem to comply with FIPS 201.
Enhancements required in MFA
- MFA needs to be simplified and employees, as well as individuals, need to be trained on using it.
- It should be adaptive i.e., provide access based on user location.
- It should have a Single sign-on (SSO) for various applications. For example, a user signed in to Microsoft Office 365 must be able to access all the Microsoft applications in one login.
- Push notifications will help users to have the one-time access code notified on their device and they won’t forget it.
What is the difference between Multifactor Authentication and Two Factor Authentication?
Multi-factor authentication uses two or more factors to safeguard systems and devices. Two-factor authentication (TFA) uses only two factors and is a subset of MFA.
Can I install the Microsoft Authenticator app on multiple devices?
Yes, the Microsoft Authenticator app can be installed on multiple devices by using the same scanning code generated after setting it up on one device. It is free software that can also be used for multiple accounts.
What permissions does the Microsoft Authenticator app require on my phone?
It requires your location access like your country, and service provider. You have to turn on your GPS for the same.
Why do I have to set up a passcode on my phone to use MFA?
A passcode restricts unauthorised users from getting access to your device. This step offers basic security to your phone and prevents any data breach.
Do I need Wi-Fi or mobile service to use MFA?
No, you don’t need Wi-Fi internet access or any mobile service to use MFA; it runs without internet on your smartphones, iPads, tablets and laptops etc. You will require internet only for setting up MFA on your device.
How often will I be prompted for Multi-Factor Authentication?
It depends on the type of service you are using. In Microsoft Office 365, you will receive a prompt every hour. You will be provided with an access token and a refresh token. The refresh token has to be updated every hour and has a 14-day validity that can be extended to 90 days if you use the email application excessively.
Can I change my default authentication device/method after I have completed the setup?
Yes, you can change your default authentication device or method once the setup is completed.
Can I still use the Authenticator app without an internet connection or outside of Australia?
Yes, you can use it as an authenticator app that doesn’t require an internet connection or Wi-Fi.
Can I use systems and applications without having MFA?
You can but for security purposes, we recommend installing and using MFA.
Are all multi-factor authentication methods equally effective?
It does provide extra layers of security but it is not immune from hacking.