Multifactor authentication
The magic three letters have been known in IT for many years: MFA. MFA stands for Multifactor authentication and roughly speaking means that I as a person am more than just a factor (my password) to successfully authenticate myself, i.e. to prove that I really am me.
Where in the "old world" the password was still sufficient, hopefully everyone now knows that nothing is easier to crack than the password (except perhaps an even worse password) 😉.
To successfully prove my identity with MFA, I enter something I own or am in addition to what I already know, i.e. my password. For example, I own my smartphone or my work computer. I am also ME, so I use biometrics such as facial or fingerprint recognition.
The well-known text message with the six-digit code or the voice call from the tape are also methods of multi-factor authentication.
About the author
Patrick Jochmann
Modern Workplace Consultant
About the author
Patrick Jochmann
Modern Workplace Consultant
Multifactor authentication
The magic three letters have been known in IT for many years: MFA. MFA stands for Multifactor authentication and roughly speaking means that I as a person am more than just a factor (my password) to successfully authenticate myself, i.e. to prove that I really am me.
Where in the "old world" the password was still sufficient, hopefully everyone now knows that nothing is easier to crack than the password (except perhaps an even worse password) 😉.
To successfully prove my identity with MFA, I enter something I own or am in addition to what I already know, i.e. my password. For example, I own my smartphone or my work computer. I am also ME, so I use biometrics such as facial or fingerprint recognition.
The well-known text message with the six-digit code or the voice call from the tape are also methods of multi-factor authentication.
Why am I explaining this?
As one of several MFA methods, the SMS or voice variant, also summarised under the term "Phone", is significantly better than having no MFA at all and still relying exclusively on the password. Nevertheless, Phone is by far the technically weakest method for secure authentication. In addition, Microsoft will soon introduce the old MFA portal by the one already available, Replace new portal in Azure.
My recommendation: Away from the phone, towards stronger methods!
Not only, but also Microsoft has been following this path for some time and has now recently announced a further change in its Microsoft 365 world in order to replace the "Phone" method worldwide. In the coming weeks, Microsoft will be launching a registration campaign to ensure that users say goodbye to the insecure SMS and voice call option.
Act quickly now!
Why wait until September or other future deadlines? Why, for example, passwordless login is not a distant future, but already a reality...
Why a six-digit PIN is far more secure than a cryptic, long password...
Why SMS is so unsafe...
How we can walk the path together...
We would be happy to discuss these and other questions in person.