You’ve probably seen a wealth of reports in the past couple of months regarding the stealing of intimate photos of celebrities and the subsequent posting of these images online. It’s believed this was made possible through the use of third party software which obtained the users’ login id and password, one way of preventing this from happening is to implement multi-factor authentication (or two-step verification) to stop the tool from being able to infiltrate the relevant service’s internet storage.
Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.
This addition of multi-factor authentication is part of Microsoft’s ongoing effort to enhance security for Office 365, and they’re already working on Office desktop application improvements to Multi-Factor Authentication for Office 365. Office 365 offers many robust built-in security features for all customers and also optional controls that enable subscribers to customise their security preferences.
After a user is enabled for multi-factor authentication, they will be required to configure their second factor of authentication at the next login. Each subsequent login is enforced and will require use of the password and second factor of authentication, any of the following may be used for the second factor;
- Call my mobile phone. The user receives a phone call that asks them to press the pound key. Once the pound key is pressed, the user is logged in.
- Text code to my mobile phone. The user receives a text message containing a six-digit code that they must enter into the portal.
- Call my office phone. This is the same as Call my mobile phone, but it enables the user to select a different phone if they do not have their mobile phone with them.
- Notify me through app. The user configured a smartphone app and they receive a notification in the app that they must confirm the login. Smartphone apps are available for Windows Phone, iPhone, and Android devices.
- Show one-time code in app. The same smartphone app is used. Instead of receiving a notification, the user starts the app and enters the six-digit code from the app into the portal.
It may not be intimate photos (we hope not!) that are stored in your Inbox or OneDrive but the risk is the same – could you afford for your account to be compromised, what are the consequences of somebody obtaining your user id and password? To find out how multi-factor authentication for Office365 can help eliminate this risk contact us on 01695 731233 or drop us an email to email@example.com