Using Multi-factor Authentication (MFA) with Microsoft Authenticator

Multi-factor authentication (MFA) has become very important today with the rising amount of cyber-attacks. Passwords and other sensitive information get leaked on the dark web all the time (hello, Equifax) and we’ve had clients whose corporate email addresses were compromised and the bad actor was sending emails directly from their accounts. “Please wire the below account $10,000, please!”

There is a simple tool you can use to help cut down on people logging in as you, both at work and with your personal accounts. That’s MFA.

MFA refers to having at least two separate mechanisms that are used to verify your identity when you authenticate to a system. For example, with many financial websites you log in with a password and then they send you a text message with a code for you to verify. One factor is the password; the second factor is proving you have access to a device that receives your text messages.

Another method of providing a second factor is a secure key generator or an authenticator app on your smartphone. These function by generating a unique code within the app that will confirm that you are who you say you are. It works much like a text message verification, but the code is provided by the app and is in some ways more secure than text messaging.

Using MFA is a key step in the latest best practice to keep your accounts secure. Check out our guidelines on creating strong passwords.

Google authenticator and Microsoft Authenticator are two of the authenticator apps available. This is a quick description of the Microsoft Authenticator app and some of its additional features.

The Microsoft Authenticator is available on iOS and Android as well as various smartwatches. The examples below show the iOS version (but Android’s works very similarly). You can download these apps from the iOS App Store or Google Play Store.

MFA with Microsoft AuthenticatorWhen you first open the app, you can create new accounts. The choices for a new account are:

  • Personal account: This is what was traditionally a Microsoft Live ID. Examples of the uses for a Microsoft personal account are an Outlook.com / Hotmail.com email address or an Xbox Live account.
  • Work or school account: This is an Office 365 / Azure AD account.
  • Other: This option would be used for any service that does not support Microsoft’s enhanced authentication mechanism. In fact, most services that say they support Google Authenticator can use this option in the Microsoft Authenticator instead.

MFA with Microsoft AuthenticatorIn my Microsoft Authenticator, I have several services listed. The first two are for IDs in my Office 365 tenant, ConnectWise is a third-party application that says it requires Google Authenticator, and even my Google account uses Microsoft Authenticator for MFA as seen in the last entry.

MFA with Microsoft AuthenticatorTher is one important enhancement to understand about using the Microsoft Authenticator when using MFA on Microsoft (personal or work) accounts. There is no need to look up and enter an authentication code. There is simply a popup on your mobile device asking if you approve the login. This even applies to the smartwatch application.

MFA with Microsoft AuthenticatorIf you use the Google Authenticator feature within Microsoft Authenticator, it will show random codes for each account for a certain length of time. When you log into an application you’ve connected with Google Authenticator, you’ll be prompted to punch in the six-digit code you see in your Microsoft Authenticator app.

And there you have it! Better security all around.

If you have questions about how to implement this in your environment or how to train your employees on better security practices, we can help! Send us an email or give us a call at 502-240-0404!