There are few technical features that protect your accounts more than using MFA. With MFA, it is not enough to know a username and a password; you are also challenged to prove who you are using another authentication factor. With MFA, you generally need to be able to log in with the following:
• Something you are, such as your user account name or a biometric attribute
• Something you know, such as a password
• Something you have, such as an additional authentication factor (smartcard, smartphone app, or security key)
Given the fact that an MFA challenge is only triggered following a successful login attempt, it is still reliant on passphrases that are not easy to guess. In other words, if an MFA challenge is triggered, the respective username/password combination has already been successfully validated (refer to the following screenshot for reference):
Today, there are several options for using MFA in Azure AD:
• A push message from the Microsoft Authenticator smartphone app
• A one-time password (OTP) from the Microsoft Authenticator smartphone app
• A text message with an OTP sent to your mobile device
• A phone call to an authentication phone
• A security key or token
If you have set up MFA the right way, you can react to all situations with a combination of these options. If you do not have access to mobile data or Wi-Fi, you can use the OTP code from a text message or from your smartphone app. If you leave your smartphone at home, you can get a call to your office phone (or another authentication phone you defined during the configuration process).
Important Note : It's important to understand that you should not use your mobile phone number as your authentication phone for obvious reasons. If you lose your phone or leave it at home, few options will remain open to you.
Thant Zin Phyo@Cracky (MCT, MCE, MVP)
No comments:
Post a Comment