News from IT that isn't just for geeks

One-time Setup, Two-factor Authentication

Posted on: February 20th, 2017 by admin

Employees and others with email addresses will soon need to keep their phones handy.

The university’s Office 365 accounts are transitioning to two-factor authentication. I.T. is enabling this change as part of our security assessment with the goal of limiting hacked accounts. But we’re rolling out this change gradually, giving you the opportunity to schedule a date between now and Labor Day. On the date that you choose, plan to spend a few minutes setting up your additional authentication method(s). (Note that any special email accounts you manage will change on the same date as your regular email account. So plan accordingly.)

What Is Two-factor Authentication?

All information systems rely on the assumption that the person using them is authorized to do so. For instance, you should have access to your email account, but nobody else should. Until recently, the only method for identifying trusted users has been to require a password. This method of authorization would be considered one-factor authentication. The downside of relying on just a password is that anyone who learns your password could impersonate you on that system. And passwords can be compromised, both by bots trying to hack into your account and by phishing attacks that can trick you into divulging your password voluntarily.

Two-factor authentication (or 2FA) adds a secondary layer of protection by requiring a password and an additional method of identification. For Office 365, this second method involves your phone. Since it is extremely unlikely that a hacker can not only guess your password but also answer your phone, this is much more secure. Additionally, with 2FA, your phone can alert you if someone has attempted to access your account.

What Will This Look Like?

Amazon, Google, some local banks, and many other online services already offer or require 2FA, so you might already be familiar with it. Once 2FA is enabled for your Office 365 account, it will work in two ways.

Outlook Web Application (OWA)

If you use Office 365 / Outlook through a browser, you will be prompted for a second form of authentication. The day of your account modification, you can decide if you want to authenticate via a phone call, a text message, or even with the Microsoft Authentication app. While the MS app takes a little more time to set up, people find that it is most convenient and it can save phone and text charges, which is especially helpful if you are traveling.

Email Clients and Mobile Apps

If you manage email using a mobile app or an installed email client like Apple Mail or Outlook, you will need to create an “app password.” Mobile apps and some email clients aren’t able to support two-factor authentication. Instead, they need a 16-character app password to bypass the secondary security step. Just like OWA users, you’ll be able to set this up on the day of your account modification. The good news about app passwords is they don’t automatically expire.

Screenshot showing the requirement to set up secondary authentication nowThe I.T. Helpdesk’s instructions for setting up your additional identification is intended for you to follow on the day 2FA is enabled for your account. The I.T. Systems group will modify accounts before 8:00 a.m. to minimize disruption. After 8:00 a.m., sign into the Office 365 web app using your computer’s browser (not a phone or tablet). If it says you need to set up additional security verification, you’ll know you’re ready to begin.



Tags: ,