MFA - Effectively Manage your Multi-factor Authentication

1 - Overview

MFA uses a second authentication factor to verify your identity, enhancing security by adding "something that you have" to "something you know". 

1 - The first factor is “something you know”:

  • Most often this is your password, the most basic authentication method.

2 - The second factor is “something you have”:

  • Authentication app: Users authenticate using a downloaded authentication application that either generates a one-time passcode which users enter during the authentication process, or sends a notification to their device, which they can approve to verify their identity. This is the recommended and most secure option.
  • Phone call verification: You authenticate by responding to an automated phone call to their registered phone number and approve the login request by pressing "#" when prompted
  • SMS/email one-time passcode: You authenticate by receiving a one-time passcode on their mobile device via SMS.

3 - What should I enroll?

  • Should should enroll two or more methods, so you don't accidentally lock yourself out
  • A good combination is the Microsoft Authenticator App (available for Android and iPhone) and SMS or Phone Call

4 - What should I look out for?

Symptom: You keep getting un-expected authentication requests, SMS codes or phone calls asking you to approve a login

Explanation: There's a good chance your password has been leaked and someone is trying to get into your account by pestering you until you say "yes".

What should you do? If in any doubt, ignore or cancel the requests. If it's one of your applications, it'll stop working and you can sign back in when prompted. If the requests continue, change your password and report the issue to the IT Service Desk

2 - Managing your MFA

Uploaded Image (Thumbnail)

Microsoft provides a space for you to manage MFA. Browse to https://mysignins.microsoft.com/security-info. Here, you can:

  • Check what MFA you have set up
  • Add a new method. Two or more is ideal as you won't get locked out if one doesn't work
  • Click the appropriate link to change or delete to keep your list of methods up to date
  • Set your preferred MFA method. NB: If you use the NIC VPN this needs to be App based authentication - notification or Phone-call

3 - Further Reading

The library has an excellent article on how to enroll the Microsoft Authenticator app and an alternate method.

 

Print Article