2FA is Two Factor Authentication / MFA is Multi Factor Authentication.
Obsolutely, you should – It’s not hard and you don’t need be an IT genius.
These days your Identity is the GOLD, it’s the hacker’s number 1 target and responsible businesses acknowledge that the Identities of Staff must be secured and protected at all costs.
MultiFactor Authentication blocks access to your account without another FACTOR like fingerprint, dynamically generated security code or best of all Microsoft’s Authenticator prompting you for Approval. This means if someone has cracked your password they still have no access without you or your phone being present.
We are here to help and can provide you real world use cases and tips on managing your MFA.
YES – You should take advantage of 2FA or MFA whenever it’s available & we recommend secure systems offering 2FA/MFA over those that don’t.
2FA or MFA is essential in an online world. It’s no-longer considered sufficient to rely on a simple password to protect your critical online data.
Most decent cloud applications and storage systems have a 2FA option so, if its there then turn it on and if it’s not there then reach out to us or the vendor and ask why not or when is it coming.
If your App or Vendor doesn’t support 2FA now then consider dumping them and until you can we recommend changing up your password from a password to a pass phrase.
Pass Phrases are more secure and are simply a complex password that it longer so instead of using a password you might instead use “I secure my app properly” and that would become your password.
The “FACTORS” draw from “something you know”, “something you have” and sometimes include “Inheritance Factors” which are more complex but frequently involve biometrics like finger print or retina scanning.
- Something you know – this is your normal password or pass phrase
- Something you have – this would be your keychain fob or Google Authenticator/SecureID etc.
- we are investigating the use of Yubikey for Office365.
For Office365 we recommend Microsoft’s Authenticator as it will simply prompt you for approval of the login request and doesn’t require you to receive a TXT message.
This is not only more secure but it’s more convenient for the users.
You can read about Microsoft’s Authenticator and how to setup for Office365 here: office365-mfa-setup
Microsoft’s Authenticator and Tap to Approve Sign-in:
Google also has an Authenticator for iPhone, it’s free and though Office365 it’s good, it’s still not as integrated as Microsoft’s Authenticator and doesn’t support the push notification to “approve” the signin.