Why do I need two factor authentication (on Office 365)


Microsoft Office 365 is a secure email system. In its default settings accounts are protected by a username and a password – so you may ask “why do I need two factor authentication?”

Office 365 accounts are only safe as long as no one knows your username (i.e. your email address) – and your password.

BUT… imagine the damage that could be done if someone did know your password!

People use their email to store all sorts of information. Plus it’s a communication tool trusted by all those you communicate with – so if someone you email on a regular basis were to receive an email from someone logged in as you, they would naturally assume it was from you.

We have seen all sorts of ways these criminals have taken advantage of someone else’s mailbox – but a really common one is:

Sending emails to customers who owe you money for goods or services, saying that the bank account for paying the invoice has changed, and asking the customer to please pay the outstanding invoice into a new account… the money then ends up in the criminal’s bank account and not yours (Ouch!)

With access to your mailbox, the hacker often sets up email rules that divert incoming emails to folders other than your Inbox, so you, the legitimate mailbox owner, never see the replies from the targeted customers.

Another huge concern with unknowingly exposing your Office 365 account details is that the criminals will have access to your SharePoint sites, and also to your OneDrive folders and files.
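Rules like these can be found by reviewing each mailbox's inbox rules. The following is an added example, not part of the original article: it audits a constructed rule export whose field names follow the properties returned by Exchange Online's `Get-InboxRule`, and it goes slightly beyond the folder-move case above by also flagging deletion and external forwarding. The domain `example.com`, the keyword list and the sample rules are assumptions.

```python
import json

# Constructed sample export for one mailbox. Field names follow the properties
# returned by Exchange Online's Get-InboxRule; values are simplified and made up.
RULES_JSON = """
[
 {"Name": "Newsletters", "Enabled": true, "From": ["news@example.org"],
  "MoveToFolder": "Newsletters"},
 {"Name": ".", "Enabled": true, "MarkAsRead": true,
  "SubjectOrBodyContainsWords": ["invoice", "payment", "bank"],
  "MoveToFolder": "RSS Feeds"},
 {"Name": "sync", "Enabled": true, "DeleteMessage": true},
 {"Name": "copy", "Enabled": true, "ForwardTo": ["collector@example.net"]},
 {"Name": "Cover", "Enabled": true, "ForwardTo": ["colleague@example.com"]}
]
"""

PAYMENT_WORDS = {"invoice", "payment", "bank", "remittance", "overdue"}  # assumed list
WORD_FIELDS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

def audit_rule(rule, own_domain):
    """Return the reasons a rule deserves a human look (empty list = nothing found)."""
    if not rule.get("Enabled", True):
        return []
    reasons = []
    words = {w.lower() for f in WORD_FIELDS for w in rule.get(f) or []}
    hides = rule.get("DeleteMessage") or rule.get("MoveToFolder")
    # Simplification: only keyword and From conditions are considered here.
    unconditional = not words and not rule.get("From")
    if hides and (unconditional or words & PAYMENT_WORDS):
        where = rule.get("MoveToFolder") or "deleted"
        reasons.append(f"hides mail from the Inbox ({where})")
        if rule.get("MarkAsRead"):
            reasons.append("marks it as read")
    for field in FORWARD_FIELDS:
        for addr in rule.get(field) or []:
            if not addr.lower().endswith("@" + own_domain.lower()):
                reasons.append(f"{field} external address {addr}")
    return reasons

def audit_mailbox(rules_json, own_domain):
    """Map rule name -> reasons for every suspicious rule in the export."""
    flagged = {r["Name"]: audit_rule(r, own_domain) for r in json.loads(rules_json)}
    return {name: reasons for name, reasons in flagged.items() if reasons}

if __name__ == "__main__":
    for name, reasons in audit_mailbox(RULES_JSON, "example.com").items():
        print(f"rule {name!r}: " + "; ".join(reasons))
```

A rule that moves or deletes everything, or only mail mentioning payments, is worth a conversation with the mailbox owner; an ordinary newsletter filter is not flagged.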

So, I imagine you’re reading this thinking – well, that would never happen to me – how would anyone get my email password?

Cyber criminals are sneaky – we have seen an influx of bogus emails to our customers appearing to be from Microsoft asking the user to confirm their Office 365 credentials by logging into (what looks to be) an Office 365 portal. This portal is an extremely well disguised bogus website which captures the person’s email address and password – and hands over full control to the criminals – without the person ever knowing this to be the case.

OK… So how do we stop this? Good question – with a fairly easy answer:

Firstly we strongly recommend implementing Two Factor Authentication on your Office 365 account.

Secondly, we’d urge you to consider Anti Spam filtering for your company’s Office 365 domain.


Two Factor Authentication (2FA)

This is an additional layer of security. So even if someone were to know your account details, they wouldn’t be able to provide the second proof of identity (the one-time code) needed to log in.

When you set up 2FA on your Office 365 account (something your Administrator, or your friendly IT Support company, needs to do for you), it asks whether you want your 2FA code delivered by text message or whether you want to use a mobile app to generate the codes needed to log in.

Both are good methods, and it probably comes down to personal preference which you choose to use:

2FA – Text Message Solution

With this method, any time you log in to your Office 365 account you enter your username (email address) and your password, and are then prompted for a code. This code is sent as a text to your registered mobile phone. You then enter the code, and gain access to your Office 365 account.

2FA – Mobile App Solution

This method uses a separate app on your mobile phone (which has to be registered to your account before it can be used – which is easy to do). So you log in with your username and password (as usual) – and are then prompted for a 6-digit code. This code is generated for you by the Microsoft Authenticator app on your phone, and is only valid for a 30 second period.

This is our preferred method as it is more secure, and is just as easy as the text message method.
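The 6-digit, 30-second codes described above are time-based one-time passwords. As an added example (not from the original article or from Microsoft), this sketch implements the standard TOTP algorithm (RFC 6238) with those two parameters and shows why a code captured earlier stops working; it assumes the authenticator app follows that standard, uses the RFC's published test key as the shared secret, and `verify` with its one-slot clock-drift allowance is a hypothetical server-side helper.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # validity period quoted in the article
DIGITS = 6         # code length quoted in the article
TEST_SECRET = b"12345678901234567890"  # RFC 4226/6238 published test key, not a real secret

def totp(secret, unix_time):
    """Code that phone and server both derive for the 30 s slot containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret, submitted, unix_time, drift_slots=1, last_used_slot=None):
    """Hypothetical server-side check: return the matching time slot, or None."""
    now_slot = unix_time // STEP_SECONDS
    for slot in range(now_slot - drift_slots, now_slot + drift_slots + 1):
        # Skip slots before the epoch and any slot already consumed (replay).
        if slot < 0 or (last_used_slot is not None and slot <= last_used_slot):
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret, slot * STEP_SECONDS), submitted):
            return slot
    return None

if __name__ == "__main__":
    code = totp(TEST_SECRET, 59)
    print("code shown on the phone at t=59s:", code)
    print("accepted at t=59s:", verify(TEST_SECRET, code, 59) is not None)
    print("accepted two minutes later:", verify(TEST_SECRET, code, 179) is not None)
    print("accepted a second time in the same slot:",
          verify(TEST_SECRET, code, 59, last_used_slot=1) is not None)
```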

Here is a link to a Microsoft video showing how to set up Two Factor Authentication

Read another article of ours on the dangers of not having Two Factor Authentication

Anti-Spam Filtering


There are several different solutions out there for this type of service – and we at Synium provide a solution for our customers that adds an additional layer of protection for Microsoft Office 365 accounts.

Our Mail Spam protection is a cloud based email security solution designed to safeguard Office 365 email by adding an additional layer of security. It provides protection against threats as well as a solution for business continuity – and also a solution for long term email archiving.

It ‘sits’ between the Office 365 servers and the rest of the internet. This allows it to inspect all email coming in, filter out those it feels pose a threat to the sender and quarantine them for the user to review at a later date. It protects against spam, viruses, malware and phishing attacks.

This is an additional cost (of just £1.50 per mailbox per month – plus a £300 setup cost). So a small price for added peace of mind.

Read more about how anti-spam can help filter dodgy emails from getting to you and your staff.

For help with any of the above – or just to discuss how you can keep your emails more secure give us a call at Synium on 0121 663 0203

Simon Tonks

Owner and MD of Synium who loves his job, his life and the wondrous outdoors - especially when on a bike of any kind (but preferably on a mountain bike going downhill fast). Please get in touch if there is anything IT related I can help you with (or if you want to talk bikes :-)