Getting the Most Out of Azure AD : Why MFA Is So Important

Multi-factor authentication (MFA) is no longer an ‘extra’ security measure only necessary for those working with sensitive information. In days past we were able to lock down our accounts with just a simple password, but the rise of bot-automated brute force attacks has made passwords an imperfect security measure that needs to be bolstered by a full line of account defense measures.

Enabling multi-factor authentication where available is a crucial step in locking down your business’s data. Access management tools like Azure Active Directory (AD) can help organizations not only protect their networks but also make the MFA sign-in process easier for employees using cloud-based apps from several different vendors.

What Are Brute Force Attacks?

Brute force attacks are among the most popular password-cracking methods. This can be attributed to how simple it is to automate the process of password guessing and the relatively low stakes of hackers not getting it right.

Applications or scripts try numerous password combinations based on common words (called a ‘dictionary attack’) or by simply trying billions of password/username combinations until one is correct. When login credentials are identified, the hacker then tries them everywhere and often leaks that information onto the dark web – hence why it is also essential to keep separate passwords for each account. The best way to reduce the likelihood of a successful brute force attack is to make your passwords as long and varied as possible. Thrive’sSecurity Resource Center has some great free tools to help users check the strength of their passwords and auto-generate stronger ones. 

Are Strong Passwords Enough?

Some users may think “I already have very strong, unique passwords for all of my accounts. Why do I need MFA?”. This is a valid question, and one Thrive has been asked by clients before. The answer is this – while strong, unique passwords are in fact harder to crack it is not entirely impossible. Managing a password library is nearly impossible by memory, and burdensome by other methods. Password lockers like LastPass are an excellent option for password management, but remember – you’ll need to remember your login credentials for that account separately.

It is also important to keep in mind that brute force attacks are not the only way a password can become compromised. Even strong passwords can easily be discovered using these methods:

Unsecured Networks

If data is shared over an unsecured network, passwords can easily be intercepted and deciphered. 

Keylogging

Keylogging malware skims everything a user types – including passwords.

Phishing

A successful phishing attempt tricks users into giving over their credentials voluntarily. 

Maintaining a portfolio of strong passwords is a great first line of defense, but that’s all they should be – the first line of defense. Requiring the second step of identification for successful account access ensures that your accounts are secured – no matter if or how your password is discovered.

Why Is MFA Important?

Multi-factor Identification – or MFA – is a second step in the login process where the user has to confirm their identity in another way. This might be using something only you would know – like a mother’s maiden name, or a previous password; or something you possess – like a smartphone or other security token. These are some of the most common forms of secondary identification:

Application-based Identification

Common apps such as Microsoft Authenticator generate one-time verification codes sent to your personal device

Biometric

Apps like Hello Windows or even facial recognition on your smartphone are examples of biometric sign-on.

SMS or Phone Call

A code is delivered via text or automated call.

Key Fob or USB

Users are issued physical tokens that are then used for secondary or tertiary identification

Managing Logins with Azure AD

If you or your company are using Office 365, you’re already using a version of Azure Active Directory (Azure AD) under the hood. Microsoft’s Azure AD is an organization’s central identity control and can manage user access to a range of cloud-based applications, enabling a single sign-on for all work-related apps.

Azure AD inherently offers several forms of MFA but allows users to log into all of their cloud-based apps after a single verification has been completed. This means that a single biometric scan or verification code allows your users to gain secure access to not only their Microsoft 365 account but also the tools they use every day like Salesforce or Quickbooks.

If You Have Azure AD, Turn on MFA Now

A basic version of Azure AD comes free with any subscription to Office 365. The full version of Azure AD (Azure Active Directory Premium Plan 1 and 2) which comes with Enterprise Mobility and Security bundles and Microsoft 365 subscriptions is a complete, top-down network security command center protecting more than just information related to your Microsoft accounts.

To get the most out of your Microsoft subscriptions and to learn more about deploying more secure user and access management, contact one of Thrive’s Collaboration experts today.