What is Multi-factor Authentication?

When you sign into your online accounts - a process we call "authentication" - you're proving to the service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately that's not a very good way to do it. Usernames are often easy to discover; sometimes they're just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites.

That's why almost all online services - banks, social media, shopping and Microsoft 365 - have added a way for your accounts to be more secure. You may hear it called "Two-Step Verification" or "Multi-factor Authentication" but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

How do I setup Multi-factor Authentication?

The process for setting up MFA will vary from system to system, a guide for setting it up in our commonly used systems are provided below.

How does it work?

When you sign in to most accounts you enter your username and password, if thats all you need then anybody who knows your username and password (and if you reuse passwords, then chances are your details have been leaked somewhere) can sign in as you from anywhere in the world.

But with multi-factor authentication enabled you will get prompted to use something else to verify your identity. The exact process will vary depending on the system but if using an Authenticator app you open your smartphone and be shown a dynamically created number which is unique to your phone that you need to type into the site, or you may be text a similar code or emailed a link to click to log in.

If someone else tries to sign in as you then they will be stuck without that second form of authentication and if you receive a notification when you are not attempting to sign in then this could be a sign that someone is trying to get into your account.

Download the Microsoft Authenticator App

For more information and instructions on downloading the Microsoft Authenticator App click the link below. As well as using it for your work and schools accounts, you can also use it to secure your personal Microsoft, Google, Facebook, X, Amazon and many other types of account.

Microsoft Mobile Phone Authenticator App | Microsoft Security