Security Rules the Day
When you sign into your online accounts — a process we call “authentication” — you’re proving to the service that you are who you say you are. Traditionally that’s been done with a username and a password. Unfortunately that’s not a very good way to do it. Usernames are often easy to discover; sometimes they’re just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password over and over again on many accounts or sites.
Multifactor Authentication is the New Norm
That’s why almost all online services — banks, social media, shopping and yes, Microsoft 365 too — have added a way for your accounts to be more secure. You may hear it called “Two-Step Verification” or “Multifactor Authentication” but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing — what we call a second “factor” — to prove who you are.
A factor in authentication is a way of proving that you are who you say you are when you try to sign in. For example, a password is one kind of factor: it’s a thing you know. The three most common kinds of factors follow:
- Something you know — Like a password, or a memorized PIN.
- Something you have — Like a smartphone, or a secure USB key.
- Something you are — Like a fingerprint, or facial recognition.
How does it work?
Let’s say you’re going to sign into your work or school account, and you enter your username and password. If that’s all you need then anybody who knows your username and password can sign in as you from anywhere in the world!
But if you have 2-step verification (or Multifactor authentication) enabled, things get more interesting. The first time you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity.
Perhaps you’re using the free Microsoft Authenticator app as your second factor. You open the app on your smartphone, and it shows you a dynamically created 6-digit number that is unique to your phone. You type that number into the site and you’re in.
If somebody else tries to sign in as you, they’ll enter your username and password. Then when they are prompted for that second factor, they’re stuck! Unless they have YOUR smartphone, they have no way of getting that 6-digit number to enter. And the 6-digit number in Microsoft Authenticator changes every 30 seconds, so even if they knew the number you used to sign in last week they’re still locked out.
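The rotating 6-digit code described above can be sketched with the open TOTP standard (RFC 6238), which authenticator apps commonly implement. This is an added example, not code from Microsoft or from the original page; the secret and timestamps are the RFC's published test values, and the `verify` function and its drift allowance are illustrative assumptions about how a service might check a code.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid ("changes every 30 seconds")
DIGITS = 6   # length of the code shown in the app


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): code for the 30-second window containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, now: int, drift_windows: int = 1) -> bool:
    """Service side (hypothetical helper): accept only codes for the current
    window, plus or minus a small allowance for clock drift on the phone."""
    for w in range(-drift_windows, drift_windows + 1):
        expected = totp(secret, now + w * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            return True
    return False


# Constructed sample data: the shared secret and timestamp from RFC 6238's test vectors.
# In practice the secret is shared once, when the account is added to the app.
SECRET = b"12345678901234567890"
NOW = 1111111109

if __name__ == "__main__":
    code = totp(SECRET, NOW)
    print("code on the phone right now:", code)
    print("accepted now:", verify(SECRET, code, NOW))
    # The same code replayed a week later falls outside every accepted window.
    print("accepted a week later:", verify(SECRET, code, NOW + 7 * 24 * 3600))
    # Someone with the password but not the phone's secret cannot compute the code.
    print("guess without the secret:", verify(SECRET, totp(b"wrong-secret", NOW), NOW))
```

Both sides compute the code from the same secret and the current time, so the code itself is never stored and an old one is useless once its window has passed.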
Get the free Microsoft Authenticator app
Microsoft Authenticator isn’t limited to your Microsoft, work, or school accounts; you can also use it to secure your Facebook, Twitter, Google, Amazon, and many other kinds of accounts. It’s free on iOS or Android. Learn more and get it here.
Important things to know
First, it’s important that the authentication factors be different kinds of factors. Two passwords, or a password and a memorized PIN, are just two factors of the same kind (things you know), and if somebody compromises one password, they could compromise both. For the best security, you need a combination of at least two of the three different kinds of factors. Crooks may steal your password, but they can’t easily steal your fingerprint.
Second, you won’t have to do the second step every time you sign in. Some people worry that multifactor authentication is going to be really inconvenient, but generally it’s only used the first time you sign into an app or device, or the first time you sign in after changing your password. After that you’ll just need your primary factor — usually a password, PIN, fingerprint, or facial recognition.
The extra security comes from the fact that somebody trying to break into your account is probably not doing so on your device, so they’ll need to have that second factor to get in.
Switch to multi-factor authentication today
Multifactor authentication is not just for work, school, or banking. Almost every online service, from investment accounts to your personal email and your social media accounts, supports adding a second step of authentication. Start protecting yourself today. Go into the account settings to turn on multi-factor authentication for each of your services.
- Click here to turn two-step verification on for your personal Microsoft Account
- Click here if you’re an IT Pro or administrator and you want to know how to enable Multifactor authentication for your Microsoft 365 account
Compromised passwords are one of the most common ways that bad guys can get at your data, your identity, your credit, or your money. Using multifactor authentication, sometimes known as two-step verification, is one of the easiest ways to make it a lot harder for them.