Tag Archive for: multifactor
Outlook for Android, iOS to get own Multi-factor authentication capability this month
/in Mobile Security
Microsoft plans to inject a dedicated multi-factor authentication (MFA) capability into Outlook for Android and iOS, and its general availability is expected to arrive this month.
Microsoft wants to make it easier for its Outlook users to perform MFA. With this, the Redmond company revealed in its latest Microsoft 365 roadmap entry that it will introduce a so-called “Authenticator Lite” in the app. According to the feature description, it will cover work or school accounts being used on Microsoft 365 app, Azure Active Directory, and Outlook.
“Authenticator Lite (in Outlook) is a feature that allows your users to complete multi-factor authentication (MFA) for their work or school account using the Outlook app on their iOS or Android device,” the roadmap entry reads.
Despite this, it is important to note that the company already offers the Microsoft Authenticator that Android and iOS users can use for Outlook, other Microsoft products, and other third-party applications. And while introducing the Authenticator Lite might sound redundant for those who already have the Microsoft Authenticator, this will make Outlook a more comprehensive app armed with its own MFA feature. Additionally, this might be one of the software giant’s initiatives to further boost the security capabilities of Outlook as more authorities put scrutinizing eyes on tech companies.
Last month, it can be recalled that the director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, called out Microsoft and Twitter due to the low MFA usage rate among their customers. According to Easterly, only one-quarter of Microsoft’s enterprise customers use it. The official, meanwhile, praised Apple for the high usage rate of the security feature due to its decision to make the feature a default.
Microsoft is also determined to promote the use of MFA in its products, starting with Outlook. However, instead of going the same path Apple is taking by making MFA default, it seems the software company wants to achieve this by making the security feature more convenient and accessible to encourage more users to embrace it. Once Authenticator Lite is completely rolled out, we will see how effective this…
Ways to Implement Multifactor Authentication Without a Mobile Device
/in Mobile Security
Passwords are hard to remember and even harder to change periodically, and it’s increasingly difficult to devise strong credentials. Instead of confronting the challenge, many users rely on weak passwords and reuse them for multiple accounts. This makes it easy for cybercriminals to guess credentials or obtain them via phishing attacks.
Once gathered, credentials can be sold on the dark web. Then, both the original criminal and hordes of other attackers can gain access to personal and work-related systems and data.
Two-factor authentication (2FA) and multifactor authentication (MFA) are accepted ways to make credentials much less vulnerable. 2FA relies on a combination of something you know (e.g., username/password) and something you have (e.g., your mobile phone or computer, a keycard or a USB) or something you are (e.g., a scan of your iris or fingerprint) to ensure that only authorized individuals can access sensitive systems and information.
MFA can involve all three factors. With MFA, even if the username/password combination is stolen, accessing an account is extremely difficult because criminals won’t be able to complete the additional authentication steps.
Click the banner to access customized content when you register as an Insider.
When MFA and Mobile Devices Don’t Mix
Common methods of implementing MFA often rely on the use of mobile devices. When an SMS message, a one-time password or a push notification is sent, it is commonly delivered to a user’s smartphone. That said, there are some risks associated with sending SMS, one-time password or push notifications for MFA. When implemented improperly or as the sole security method, messages could be hacked and codes intercepted. In fact, the U.S. government has recommended that no MFA solution should rely solely on SMS verification tools.
Ensuring Protection Outside of Mobile-Based MFA
To fill these gaps and ensure 100 percent MFA coverage, agencies may consider hardware security keys. The key is typically a physical device, often a USB drive that only grants access to accounts while it is plugged into a computer. It provides a high level of protection against phishing and hacking because no…
New Login Security Features for Multi-Factor Authentication App
/in Mobile Security
Starting Dec. 19, users will use a two-digit number to access their accounts when using the Authenticator app.
The Microsoft Authenticator app will have new features that improve the security of U of A accounts starting Monday, Dec. 19. When prompted to use multi-factor authentication to access a UARK online service such as Outlook, users will need to verify with a two-digit number. The Authenticator app previously sent an “approve” message to a mobile device, which could be tapped to verify.
The Authenticator app is the most secure method the university offers for multi-factor authentication. Text messages and phone calls are vulnerable to scams and phishing attempts when bad actors persistently send push notifications to pester people to select “approve.” Increase the security of your UARK account by switching to the Authenticator app.
Multi-factor authentication provides an additional layer of security for university accounts that makes it difficult for bad actors to access services, applications and data. This requirement is designed to minimize the potential security exposure to the university and prevent unauthorized use of university resources.
Learn more about multi-factor authentication at the U of A. If you need assistance with multi-factor authentication, contact the IT Help Desk at 479-575-HELP.