Skip links

If You Don’t Have Multi-Factor Authentication Enabled, What Are You Waiting For?

Last year, Microsoft reported that at least 99% of its customers’ compromised accounts were not enabled with multi-factor authentication (MFA). Despite the availability of multi-factor authentication, few organizations are enabling it. What many don’t realize is that by enabling MFA, they could be protecting themselves from a multitude of phishing email and password attacks. If you are one of the many organizations not using MFA here is some serious food for thought.

Why is MFA Better than Basic Authentication?

MFA is one of the best defenses against a remote phishing attack, where the attacker attempts to log into an Office 365 account. Instead of being granted immediate access to the compromised account, the hacker will need to already have access to a second factor, such as the user’s smartphone, where a verification code can be sent. Without that verification code, the bad actor cannot log into the rightful user’s account. If only basic authentication were turned on, the attacker could sail right through the login process.

Devices needed for multi-factor authentication.

In Microsoft’s recent Cyber Signals report, it was reported that as of December 2021, only 22% of customers using its cloud-based Azure Active Directory (AAD) had turned on “strong identity authentication.” MFA and other password-less solutions like Microsoft Authenticator app. While this is a good start, 78% of AAD customers who haven’t enabled the stronger authentication are still being exposed to phishing emails and other attacks. Those with MFA enables are seeing virtually no breaches.

Is Your MFA Enabled?

If you have enabled MFA, you have a much lower risk of your systems being compromised by hackers. If you don’t have MFA turned on, or can’t turn it on, it could be that your Office 365 is set to the default of “basic authentication,” which cannot support MFA. You need to first enable to “modern authentication.” Beginning in October 2022, Microsoft will be disabling the default setting of basic authentication.

It’s 2022 and there is no sign that cyber criminals are going to back off anytime soon. Multi-factor authentication is a tool that every organization needs to be using to protect themselves. If you’re not using it now, what are you waiting for?


About PrimeEdge Technology

PrimeEdge is a premier office technology solutions and services provider based in Winchester, VA. Services include Managed IT, Managed Print, Voice, Unified Communications and XaaS. Products include a wide variety of HP Printers, Scanners, MFPs, Computers and Workstations.

For the latest industry trends and technology insights visit PrimeEdge’s Resources Page.

Leave a comment