Why do so many of websites, programs and apps ask us for our phone number when we sign up now? Isn’t a password enough to verify who I am?
Nope.
Multifactor authentication has taken the world by storm in the last few years.
Chances are, you have heard of multifactor authentication in some conversation or another. What does it mean?
What is Multifactor Authentication?
Multifactor authentication is a way for users to sign-in; including more factors to ensure the owner of the account is the person attempting sign in. The most common way companies undertake this is by using the user’s mobile number; where the website or app will text you a verification number that you need to sign in with, in addition to your password.
It can also be used when you forget your password. Some websites will ask you to input your login email and will send you a code or link to that email address to create a new password. The multifactor authentication is just another level of security on top of that.
How is Multifactor Authentication Used?
Apple, being one of the words biggest organisations, have a very well-known use of multifactor authentication; to sign into your Apple ID, first you must correctly input your Apple ID email address and password. Following this a code will be sent to you via your authenticated devices (such as your iPhone or Mac) and the person signing in will have to enter that code to access their Apple ID.
How has Microsoft Implemented Multifactor Authentication?
Microsoft has an app, streamlining the whole process, called the Microsoft Authenticator App. The app is downloaded straight from your app store onto your smart phone and enables users to authenticate a sign in.
When you sign in on a new device, the Microsoft Authenticator App sends a notification to your mobile device asking whether the owner of the account is trying to sign in. It will simply ask if the sign in they are showing is you. It will include an approximate location and time of login. If this sign in is you, click accept and the device you are logging in on will move along to the next stage.
If it is NOT a known sign in, you can click deny, which will then alert you to the fact that someone has guessed your password and to change it immediately.
A lot of issues arise if the owner of the account always clicks accept on the login attempts, rather than monitoring the attempts; this is a huge cyber security threat and can cause the hacker to have access to everything on your account, including confidential work files.
What happens if I don’t want to use Multifactor Authentication?
Multifactor Authentication is a great security addition to the traditional password security. It might seem annoying to ask for another level of added security, but it has stopped many of our clients’ losing data.
Often companies will have a policy in place to ensure that all users make use of multifactor authentication. On personal accounts, there is often a way to turn it off, although this is not recommended and if you have multifactor turned on, you should keep it that way.
In conclusion, the extra hassle is worth the security additions that multifactor authentication ensures. Without your organisation having multifactor authentication implemented in security, there is a huge gap in security of your organisation.