MFA - Multi-factor authentication
Multi-factor authentication (MFA) adds another layer of protection to the login process. When accessing accounts or apps, users undergo an additional identity verification, for example with a fingerprint scan or a code sent to the phone.
Need help with your MFA?
What is MFA?
MFA means that users’ identity is confirmed based on two or more factors or features that are unique to them.
The three factors commonly used to confirm users’ identities are:
- Knowledge that the user has Usually a password.
- A biometric form of identification This can include face, voice, or even an attribute the user has, such as the force of their keystrokes.
- Something the user has For example, a one-time password sent directly to the user.
Why MFA?
Security breaches continue to increase
The number of successful security breaches continues to rise, proving that traditional cyber security measures are no longer sufficient to protect against the ever-evolving technology of hackers.
Biometrics strengthens security
Cybercriminals’ methods are constantly changing so while users may be aware of the threat of phishing, they are still vulnerable to having their passwords stolen using newer methods such as keylogging, pharming and what’s next. Measures such as biometric identifiers almost completely eliminate the threat of password theft.
Minimizes the risk of cybercriminals getting in
Traditional measures such as firewalls and vulnerability analysis are necessary, but unfortunately do not protect against threats that mean that threat actors have gained access to the user’s password or other authentication information. With two factors, the risk of a hacker knowing all the necessary information is significantly minimized.
Intrusions often cause great damage and are difficult to oversee
While identity theft can already cause enormous damage, theft of information is not the only risk. Hackers often use information they collect to transmit spam, propaganda or viruses. Hackers can also go beyond just stealing information and instead destroy it completely or make significant changes to applications and services.
MFA strengthens security and has become everyday for users
Users today are familiar with proving their identity to access sensitive information, for example at the bank or in healthcare contacts. Using a biometric identifier makes it extremely easy for the user to access what they need with the simple push of a button or show their face to a camera – no login process required.
MFA in Azure AD
There are a number of different methods for multi-factor authentication with Azure AD. This is to fulfill the unique needs of your organization. Mentioned below are some of them:
Microsoft Authenticator
With Microsoft Authenticator, you authorize logins from a mobile app using push notifications, biometrics, or one-time passwords. You can strengthen or change passwords with two-step verification and increase the security of your accounts right from your mobile device.
Windows Hello for Business
With Windows Hello for Business, passwords can be replaced with strong two-factor authentication (2FA) on Windows 10 devices. Then an authentication data associated with your device is used together with a PIN code, a fingerprint or facial recognition to protect your accounts.
FIDO2 security keys
Using an external USB stick, NFC (Near Field Communication) or another external security key that supports Fast Identity Online (FIDO) standards, the user can log in without a username or password.
SMS and voice calls
Receive a code on the mobile phone via SMS or voice call to strengthen password security