What is MFA?
MFA stands for Multifactor Authentication. It is an additional security step that confirms you are the genuine person logging into a website or setting up web-connected apps such as Outlook or Dropbox.
Why use MFA?
In IT parlance, single-factor authentication typically refers to the text-based password you enter when accessing a secure site, for example a banking site. Traditionally, this is all we did: entered a username followed by the password.
But in the ever menacing world of cyber security threats, a single text-based password is now a major risk if compromised or captured by hackers. So today, many organisations, especially financial institutions, require second-factor authentication as an additional step to verify your identity. Options for second-factor authentication can be:
- An automated phone call with verbal instructions
- An SMS text message containing a code you enter
- A hardware token – special hardware devices assigned to users
- An app installed on a mobile device displaying a code you enter. This is the most common.
Because there are several options for deploying second factor authentication, we call it Multifactor Authentication.
Using an Authenticator App
Of the four options above, a trusted authenticator app installed on your mobile phone is the most widely used and recommended. Once installed, you can register multiple approved MFA-enabled online accounts with the app, which for most organisations is a simple process. Each registered account within the app displays a six-digit code that expires every 30 seconds. Users type the code into the area provided, hit enter and the login process continues.
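How the six-digit, 30-second code can be derived and checked, as an added example that is not part of the original page. It assumes the app uses the standard time-based one-time password scheme (RFC 6238, HMAC-SHA1); the function names, the `verify` drift window and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # a code is valid for one 30-second window
DIGITS = 6         # length of the code shown in the app

# Constructed sample secret (the published RFC 6238 test key). A real secret is
# random and is shared once, when the account is registered with the app.
SAMPLE_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """Return the six-digit code for the 30-second window containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Hypothetical server-side check: accept the current window and
    drift_steps windows either side, to tolerate phone/server clock skew."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        t = unix_time + step * STEP_SECONDS
        if t < 0:
            continue
        # Constant-time comparison, no early exit, so timing does not vary
        expected = totp(secret, t).encode()
        ok |= hmac.compare_digest(expected, submitted.encode())
    return ok


if __name__ == "__main__":
    # Phone and server compute the same code from the shared secret and the clock
    for t in (59, 89, 1111111109, 1111111111):
        print(t, totp(SAMPLE_SECRET, t))
```

The code never travels from the server to the phone: both sides compute it independently, which is why the app uses almost no data. A production verifier would also rate-limit attempts and reject a code that has already been used.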
Why is the mobile authenticator app the most popular?
Because the phone is registered and belongs to you, is almost always with you, and in most cases is passcode protected or uses face recognition or fingerprint scanning to unlock it. This makes the device ideal to use as a second-factor identification tool. Some MFA processes still use SMS text messages to send a code instead of displaying one in an app, but this method is considered risky today because of the potential to intercept text messages.
Which trusted authenticator apps are there, and where do we download them?
Microsoft Authenticator and Google Authenticator are the most popular choices. Both are available for free in both the Apple and Google Play Stores. They use almost no data to communicate.
When will I need to use my Authenticator App?
- Whenever logging into a website requiring MFA. Some sites such as Xero allow a thirty-day relaxation period before you are required to use MFA again.
- The initial setup of an app or program that accesses secure data protected by MFA. For example, setting up Microsoft 365 email and OneDrive accounts for the first time will ask for MFA authentication. Every now and then they may ask you again just to check it’s you!
Logging into Microsoft 365 using the Microsoft Authenticator app
Enter a username
Code request prompt
Fetch the code from the MFA app on your mobile device and enter it
You’re in and good to go.