Using 2-Factor Authentication (2FA) on email is critical. For business users, if you’re not using 2FA already, we need to have a serious conversation – a conversation that ends with you agreeing to take this more seriously. Using 2FA prevents someone (or a dark web bot) from gaining access to your account even if they have your password. Yes, they know your password – the one that you’ve been using for the last 5 years. Even though they may have your password, what they don’t have is access to your physical location and the ability to use your phone for that second approval. But they have a secret weapon: they can trick you into providing 2FA. I’m not talking about disclosing your code over the phone to “The IRS who needs to verify your identity.” (Please don’t do that.) My concern is your 2FA setup.
When setting up 2FA in Microsoft, you can elect your default method to be “Microsoft Authenticator – notification”. In fact, this will be the pre-selected choice if you choose 2FA. When you have this set up, your phone will alert you when there is a sign-in attempt and then show an “Approve sign-in” prompt on your screen.
This is incredibly convenient. The problem is, it’s so convenient that you may accidentally select Approve for 100 reasons, including: too busy to read the screen, on the phone, not paying attention, in a meeting, driving. You are one click away from being hacked. If this prompt came as a result of a dark web bot using your known password, you may have just let them in. We’re so inundated with security prompts on our computers that we have gotten used to always approving.
A better choice for Microsoft 2FA is to choose “Authenticator App or hardware token – code.” With this choice, in order to approve 2FA, you’ll need to open the Microsoft Authenticator app on your phone, find the code, and then type it into the browser or app. You can’t accidentally launch a nuclear missile with one button press using this workflow.
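The difference between the two workflows, modelled as an added example that is not code from the original post or from Microsoft. It assumes the app's codes are standard TOTP (RFC 6238), which the post does not state; the function names are hypothetical and the secret and timestamp are the RFC's published test values.

```python
import hashlib
import hmac
import struct

# RFC 6238 test secret, used here only as constructed sample data.
SECRET = b"12345678901234567890"

def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed scheme for the app's codes)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_code(secret: bytes, submitted: str, unix_time: int,
                digits: int = 6, step: int = 30, drift_steps: int = 1) -> bool:
    """Accept the code for the current step or one step either side (clock drift)."""
    if len(submitted) != digits or not (submitted.isascii() and submitted.isdigit()):
        return False
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        t = unix_time + d * step
        if t < 0:
            continue  # no time step exists before the epoch
        ok |= hmac.compare_digest(totp(secret, t, digits, step), submitted)
    return ok

def push_sign_in(password_ok: bool, user_tapped_approve: bool) -> bool:
    """Push notification: the second factor is a bare yes/no from the phone."""
    return password_ok and user_tapped_approve

def code_sign_in(password_ok: bool, secret: bytes, code_typed, unix_time: int) -> bool:
    """Code entry: the session requesting access must itself receive a valid code."""
    return password_ok and code_typed is not None and verify_code(secret, code_typed, unix_time)

if __name__ == "__main__":
    now = 59  # constructed timestamp (an RFC 6238 test time)
    # Someone else holds the password and starts a sign-in; the owner is distracted.
    print("push, owner taps Approve by reflex:", push_sign_in(True, True))
    print("code, nothing typed into that session:", code_sign_in(True, SECRET, None, now))
    print("code, a guess typed into that session:", code_sign_in(True, SECRET, "000000", now))
    # The owner's own sign-in still works: they read the code and type it in.
    mine = totp(SECRET, now)
    print("code, owner types", mine, "->", code_sign_in(True, SECRET, mine, now))
```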
Scott Morabito is a technologist and founder of TechTonic. He was trained as a computer scientist and resides in Concord, MA.