Enhancing Security with Multi-Factor Authentication (MFA) on Microsoft 365 Accounts
In today’s digital age, securing online accounts is more critical than ever. One of the most effective ways to protect your Microsoft 365 account is by enabling Multi-Factor Authentication (MFA). This security measure adds an extra layer of protection, making it significantly harder for unauthorized users to gain access. Microsoft claims that 99.9% of compromised accounts did not have MFA enabled.
This article covers Multi-Factor Authentication for Microsoft O365 accounts; however, the concept applies to MFA for any online account. Microsoft O365, the way we configure it, texts a code to the user’s cell phone.
What is Multi-Factor Authentication (MFA)?
MFA requires users to provide two or more verification factors to gain access to a resource such as an application or online account. Instead of just asking for a password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack from a hacker. The additional verification is tied to something that you possess or something that is part of you: a fingerprint, a retinal scan, or an SMS message.
Why Use MFA on Microsoft 365?
- Enhanced Security: MFA significantly reduces the risk of account breaches. Even if a hacker obtains your password, they would still need the second form of verification. Even if they obtain your password and know your phone number, they would not be able to receive the code without physically obtaining your phone (or faking your phone connection, a more complicated procedure).
- Compliance: Many industries have regulations that require MFA for accessing sensitive information. Using MFA helps ensure compliance with these regulations.
- User-Friendly: Microsoft 365’s MFA is designed to be user-friendly, sending you a text message for verification.
- Cost-Effective: Implementing MFA is a cost-effective way to enhance security without needing extensive infrastructure changes.
What do I need to know about adding MFA to my existing Microsoft 365 account?
You will continue to access your Microsoft 365 account as you have been, through Outlook, apps, browsers, SharePoint, etc. Occasionally, you will be prompted to enter a code. Check your phone for a text message with the 6-digit code. Enter the code on the prompting device and you will be granted access.
Will I have to enter a code ‘every time’ I access my account?
No. The system is configured to prompt you only when you access your account from a new device or browser, and then occasionally on devices you have been using. You should find that you are not prompted very often.
How long do I have to wait for the code?
I find that the code is almost always already there when I reach for my phone when prompted. Microsoft has invested a lot of resources into their MFA texting equipment to generate the SMS messages very quickly.
I am not receiving a code. What is wrong?
We may have the wrong phone number assigned to your account. Please contact HDF to confirm your number.
I am changing my phone. Do I need to do anything?
If you keep the same phone number, there is nothing you need to do. If you are changing your phone number, then please contact HDF to update your number in our system.
I lost my phone. Do I need to do anything?
Yes. If you lose your phone, or it is stolen, we need to redirect your MFA immediately. Please contact HDF as soon as you have determined that your phone is lost or stolen.
Will MFA keep me completely safe?
No. Nothing is completely safe. But this increases your security significantly. You may think of it as putting a major deadbolt on an already locked door.
Another reason to use a Password Manager
As if there weren’t enough reasons to use a Password Manager so you don’t have to remember all of those unique passwords you are creating… you are creating unique passwords, aren’t you? A password manager will automatically fill in your credentials on the website. However, since the credentials are saved per website, if you are directed to a malicious link (such as the one in the header image of this article), your password manager WILL NOT fill in your credentials. Your Microsoft 365 online services credentials are saved with the correct https://office.com address, so your password manager cannot inadvertently enter them under the fake https://office-ms.com address. Score one for the good guys.
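A simplified model of the per-site matching described above, as an added example (not code from this article or from any particular password manager). It assumes HTTPS-only filling and an exact or subdomain host match; real products apply their own rules, and the vault entry, function names and sample addresses other than https://office.com and https://office-ms.com are constructed.

```javascript
// Added example: simplified model of a password manager's autofill decision.
// Assumption: fill only over HTTPS, and only when the page host equals the
// saved host or is a subdomain of it. Real products use their own rules.

// Constructed vault entry using the address named in the article.
const vault = [{ site: "https://office.com", username: "user@example.com" }];

function hostMatches(pageHost, savedHost) {
  // Compare whole DNS labels: "www.office.com" matches "office.com";
  // "office-ms.com" and "office.com.portal.example" do not.
  return pageHost === savedHost || pageHost.endsWith("." + savedHost);
}

function credentialFor(pageUrl, entries = vault) {
  let page;
  try {
    page = new URL(pageUrl); // the parser separates userinfo from the host
  } catch {
    return null; // unparseable address: never fill
  }
  if (page.protocol !== "https:") return null; // no fill over plain HTTP
  const host = page.hostname.toLowerCase();
  for (const entry of entries) {
    const saved = new URL(entry.site);
    if (hostMatches(host, saved.hostname.toLowerCase())) return entry;
  }
  return null;
}

function autofillReport(urls) {
  return urls.map((u) => ({ url: u, filled: credentialFor(u) !== null }));
}

// Constructed addresses, apart from the two taken from the article.
const samples = [
  "https://office.com/login",
  "https://www.office.com/",
  "https://office-ms.com/login",        // different registered domain
  "http://office.com/login",            // right host, wrong scheme
  "https://office.com@office-ms.com/",  // text before "@" is userinfo, not the host
  "https://office.com.portal.example/", // saved name used as a prefix only
];
for (const row of autofillReport(samples)) {
  console.log(row.filled ? "FILL" : "SKIP", row.url);
}
```

Only the first two addresses are filled; every other one is skipped because the parsed host or scheme does not match the saved entry.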
If you have questions about this, please let us know and we will be happy to assist you.
Take care,