Why wouldn’t you add another security layer to your MS 365?
2FA Is a Simplified User Experience
Two-factor authentication gives you that second layer of security beyond a password while still being easier on the user than MFA.
2FA Protects Against Unauthorized Access
With the introduction of Office 365, Microsoft has given IT departments and the end user much more control over their ability to access files, storage, and network resources. Office 365 integrates with Azure Active Directory to sync passwords and provide single sign-on to a multitude of applications, making things much easier on both the end user and the IT department. However, since Office 365 account credentials are directly tied to so many other resources, they become a highly valuable target for attackers.
2FA Helps Mitigate Phishing Threats
According to the 2017 Verizon Data Breach Investigation Report, 81 percent of hacking-related breaches rely on stolen, default, or weak credentials. Dealing with default and weak passwords is something you can handle with other solutions, such as identity and access management. Stolen credentials are another problem altogether.
Phishing attacks designed to steal credentials, known as credential harvesting, are on the rise. Relying on fake login sites, such as a counterfeit Office 365 login page, attackers are able to trick users into handing over usernames and passwords. When 2FA is employed, however, having just the username and password is not enough. Without that additional form of verification, the attacker cannot access the account.
2FA Provides Many Options
With two-factor authentication, you can rely on highly sophisticated solutions—such as retina scans, fingerprints, or other biometrics—but you can also make use of much simpler forms of validation. Some organizations prefer the use of a device such as a hardware token that is plugged into the computer to verify the user identity, or even a software token that works on a computer or mobile device.
Other options include:
- An SMS message that provides a one-time use code
- A verification email
- A voice call to a known number
- A push notification to a mobile device app
You can determine which second form of validation works best within your organization and employ that as your additional layer of defense.
Though 2FA offers a promising layer of security, it only works if it is configured and managed properly. Mistakes made during the setup and ongoing management of this type of security control can leave the door open to attackers while giving your organization a false sense of security. On the other side, misconfigurations could also lock down systems to the point that your organization is unable to get its work done.
When looking into 2FA options, work with a trusted partner that can not only help you make the best choice for your organization, but can also help ensure that you are implementing 2FA the right way for you. Rely on their years of knowledge and expertise to help guide you through the process and make the best decisions to protect your resources and data.