We recommend watching this video tutorial so you can see MFA in action.
You can also read our written tutorial below.
To start, let’s walk through how to use Multi-Factor Authentication properly. If you don't already have MFA on your business accounts, your IT Provider can assist in that process. If you want to put MFA on personal accounts, there are plenty of tutorials available online on how to do so. Thankfully, it only takes a few minutes to set up across multiple accounts.
In order for MFA to work, you will need two devices, like a laptop and a phone. That's what we'll be using in our demonstration today. Whenever you attempt to log in to an account on your laptop, you will receive an MFA prompt on your phone. Make sure you have the correct Authenticator app on your phone. When you are setting up MFA, the website or your IT Provider will inform you what Authenticator app you will need. We recommend the ones from Duo, Google, and Microsoft. In this demonstration, we'll be using the Duo Authenticator application.
Let’s log in to our Office 365 account. As usual, we will type in our username and complex password and sign in like normal.
Now we should see the MFA prompt screen. If you have the options seen here, click the "Send me a Push" option. It's by far the easiest and quickest MFA option.
A prompt should've appeared on your phone, as you can see in the screenshot below. Click that to open your authenticator app.
We should now see a page with some information on what, when, and where the login attempt is coming from. This type of validation is a simple "Approve" or "Deny". So click the green button, which will confirm that the login attempt was by you.
Congrats! You successfully signed in to your Office 365 account. After a couple of times logging in with MFA, it becomes seamless.
Now, there are a few different types of MFA prompts. The one above was a simple deny or approve. There are also MFA prompts that require you to enter a time-sensitive string of numbers. It’s similar to the codes you receive via text message when you reset passwords or something similar. However, we strongly recommend choosing MFA app verification over text message verification, since it’s much easier for hackers to gain access to your texts.
Now that we’ve learned how to use MFA, it’s time to talk about how malicious actors will try to trick you into approving MFA prompts and handing over MFA codes. This is becoming increasingly common. As quickly as we adapt and find new ways to protect ourselves, attackers are finding new ways around those protections. Don’t underestimate how far they will go in order to trick you.
You may randomly receive a prompt from your MFA app, even though you didn’t sign in to any accounts. This means that someone has gained access to your username and password and is trying to get into your account. NEVER approve this prompt. Instead, deny access, and immediately change your password. If it is a business account, tell your IT provider as soon as possible. You will not get in trouble, if anything it will save time, money, and hours of headache if a breach were to occur.
Another method malicious actors will use is spoofing, where they pretend to be your IT, bank, or even your boss in an attempt to get your MFA prompts and codes. never share your MFA codes, especially if you receive a request out of the blue.
They may also pretend to be selling something on Craigslist, Facebook Marketplace, or another similar site and ask for a verification code to confirm you’re a real person. What they’re doing is trying to get you to share your MFA validation code in order to gain access to your accounts. It’s a convincing scam, but never share any MFA codes you receive.
Review every MFA prompt you receive. Even if you think it’s correct, verify the account, time, and log-in location for every MFA prompt that pops up. If you aren’t paying attention, you could accidentally approve a login for a different account, which means opening the door for attackers compromising your account.
It may seem like there’s a new step to cyber security every day. Multi-Factor Authentication might seem like a waste of time or an unnecessary extra step, but that couldn’t be further from the truth. With cyber-attacks growing increasingly common, increasingly expensive, and increasingly dangerous, we all have to do our part to keep our businesses and selves safe. MFA is the new standard for logging in, and it only takes a couple more seconds of your time.
Have any questions? Contact us, we're happy to help.