Multi-Factor Authentication (MFA)
Definition: Multi-Factor Authentication is a sign-in process that requires you to prove your identity in at least two independent ways.
- The benefit of requiring multiple factors is that if an attacker defeats one of them, your system and data remain protected by the others.
- Azure MFA can also secure a password reset.
- MFA is enabled through Azure Active Directory.
Three main types of MFA methods
Multi-Factor authentication requires two or more of the following.
- Something you know. Typically, your credentials.
- Something you have. A trusted device, which cannot be duplicated easily.
- Something you are. A biometric like fingerprint or face scan.
Available verification methods.
- When a user signs in to Azure with credentials and receives an MFA prompt, they can choose one of their registered forms of additional verification.
- Users can add or edit their additional verification methods from My Profile.
- Some additional verification methods:
  - Microsoft Authenticator App
  - OATH Hardware Token
  - OATH Software Token
  - SMS (Text Code)
  - Voice Call (Code)
How does MFA work – an example
- Consider a financial application that has enabled Multi-Factor Authentication.
- Please refer to the figure below.
- Step 1 (Something you know): The user enters the ID and password. If the credentials are wrong, the sign-in process ends here; if they are correct, it moves to Step 2.
- Step 2 (Something you have): An SMS containing a code is sent to the user’s mobile phone, and the user enters the code received. If the code does not match the one Microsoft sent, the user is not authenticated and the process stops here.
- Final: You can add more authentication steps after Step 2 if you want. Only after all the steps are passed is the user signed in to the system.
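The two-step flow above, and the OATH software token from the list of verification methods, are shown below as an added example in Python. It is not code from the original page and not Azure's implementation: the user record, the salted password hash, the constructed phone-code delivery (the function simply returns the code that would have been texted) and the RFC 6238 test secret are all assumptions made for the example. Step 1 checks the password in constant time, and Step 2 verifies either a server-issued SMS-style code (single use, expiring) or a TOTP code from an OATH software token, with an attempt limit so the second factor cannot be guessed.

```python
import hashlib
import hmac
import os
import secrets
import struct

STEP = 30                # TOTP time step in seconds (RFC 6238 default)
DIGITS = 6               # code length for both SMS and TOTP codes
MAX_CODE_ATTEMPTS = 5    # lock the second step after this many wrong codes
SMS_CODE_TTL = 300       # seconds a texted code stays valid


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; only the hash is stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed demo directory with one user. A real deployment reads this from
# the identity provider (Azure AD in the page's example), not a dict.
_salt = os.urandom(16)
USERS = {
    "alice": {
        "salt": _salt,
        "pw_hash": hash_password("correct horse battery staple", _salt),
        "method": "sms",                          # or "totp" (OATH software token)
        "totp_secret": b"12345678901234567890",   # RFC 6238 test-vector secret
        "pending_sms": None,                      # (code, expiry) once issued
        "code_failures": 0,
    }
}


def step1_password(username: str, password: str) -> bool:
    """Something you know: constant-time comparison of the password hash."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so an unknown name costs the same time as a wrong password
        hash_password(password, bytes(16))
        return False
    return hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits): the OATH token algorithm."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** DIGITS).zfill(DIGITS)


def issue_sms_code(username: str, now: int) -> str:
    """Something you have: create a random one-time code and record its expiry.
    The return value stands in for the text message sent to the user's phone."""
    code = f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"
    USERS[username]["pending_sms"] = (code, now + SMS_CODE_TTL)
    return code


def step2_code(username: str, code: str, now: int) -> bool:
    """Verify the second factor according to the user's registered method."""
    user = USERS[username]
    if user["code_failures"] >= MAX_CODE_ATTEMPTS:
        return False  # locked: too many wrong codes for this account
    if user["method"] == "sms":
        pending = user["pending_sms"]
        ok = (pending is not None and now <= pending[1]
              and hmac.compare_digest(pending[0], code))
        user["pending_sms"] = None  # single use, whether or not it matched
    else:
        # Accept the previous, current and next window to tolerate clock drift
        ok = any(hmac.compare_digest(totp(user["totp_secret"], now + d * STEP), code)
                 for d in (-1, 0, 1))
    user["code_failures"] = 0 if ok else user["code_failures"] + 1
    return ok


def sign_in(username: str, password: str, code: str, now: int) -> str:
    """The page's flow: Step 1 must pass before Step 2 is attempted at all."""
    if not step1_password(username, password):
        return "denied: bad credentials"
    if not step2_code(username, code, now):
        return "denied: bad verification code"
    return "signed in"


if __name__ == "__main__":
    t = 1_700_000_000
    texted = issue_sms_code("alice", t)
    print(sign_in("alice", "correct horse battery staple", texted, t))
```

The `now` parameter is passed in rather than read from the clock so the expiry and drift behaviour can be exercised deterministically; in production it would be `int(time.time())`. Note that a failed Step 1 never reaches Step 2, so a wrong password does not consume the pending SMS code or count against the code-attempt limit.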