+ 10 Resiliency Points
Skill Level: Self or IT Admin
Time: 1.5 Hours
When you sign in to an account, the process is called ‘authentication.’ Commonly, this is done with a username and password. Since usernames and passwords are too easy to crack, many services offer a way to make your accounts more secure. Multi-factor authentication (MFA) uses multiple forms of authentication: something you know (password or PIN), something you are (fingerprint or other biometrics), and something you have (a text to your mobile phone, smart cards, security tokens). It is sometimes referred to as two-factor authentication when it requires two of the three types of authentication, such as a password and a code sent to your smartphone.
Multi-factor authentication is like your house. You most likely do not have a single lock to your front door. Instead, you have a lock on your handle and a deadbolt. Some people even have a door latch as well. It is the same concept with your cybersecurity and protecting your business’ data. You want as many locks as possible to deter the attackers or bad guys. Microsoft says that MFA can block over 99.9 percent of account compromise attacks. With MFA, knowing or cracking the password won’t be enough to gain access.
First, enable MFA for your personal and business email. Email is the most likely point of entry for an attacker, just as your front door is for an intruder. Next, enable it for any cloud service, such as your machine/hosts, Active Directory, ERP/HR, accounting tools, and bank accounts, just as you would lock your windows, back doors, etc. Below are the steps for the major email account types (the others are similar).
For a Google account:
- Open your Google Account with global admin credentials.
- In the navigation panel, select Security.
- Under “Signing in to Google,” select “2-Step Verification – Get Started.”
- Follow the on-screen steps.[8]
For Microsoft 365:
Note: If you purchased your subscription or trial after October 21, 2019, and you’re prompted for MFA when you sign in, security defaults have been automatically enabled for your subscription.
- Sign in to the Microsoft 365 admin center with global admin credentials.
- In the left navigation panel, choose Show All and, under Admin centers, choose “Azure Active Directory.”
- In the Azure Active Directory admin center choose “Azure Active Directory > Properties.”
- At the bottom of the page, choose “Manage Security Defaults.”
- Choose “Yes” to enable security defaults or “No” to disable security defaults, and then choose “Save.”[9]
- The next time you and your employees log in, you will be prompted to set up authentication via your phone.
For Yahoo Mail:
- Mouse over your name in the upper right-hand corner and click “Account Info.”
- On the left-hand bar, choose “Account security.” Move the toggle by “Two-step verification” to the right to start set-up.
- Enter your mobile phone number. You’ll need to be able to receive text messages and/or voice calls at this number. Click the one you’d prefer.
- Soon after you click, you should receive a text or call with your code. Enter the code and click “Verify.”
- With set-up complete, you’ll have the option to generate third-party app passwords, that is, passwords for devices and applications that do not support logging in using a one-time verification code. You’ll want to generate app passwords if you access your Yahoo Mail account on other platforms like iOS Mail, Android Mail, or Outlook.[10]