Using Multi-Factor Authentication

Summary

Describes daily usage of MFA.

Body

Using Multi-Factor Authentication

With multi-factor authentication (MFA) enabled, your account is much more secure and it's harder for criminals to gain access to it. The addition of a second factor of authentication means that you need to not only know your password, but also posses a physical thing that grants access (like the key to your house).

When you try to log in to a supported service (not everything supports MFA, notably desktop PCs), your Authenticator app will generate a prompt asking if you approve of the login. If it's you, choose Approve. If you're not using the app, enter the code from your token/SMS or otherwise respond to the prompt.

MFA is only required about once a week for each service on each device that you sign in to. So you won't necessarily get a prompt every time, particularly if you use the same device in the same location a lot, and this is completely normal.

A prompt to approve or deny an MFA-enabled login attempt.

 It is important that you pay attention to prompts for MFA - if you didn't attempt to log in immediately before the prompt appeared, do not approve it. If a criminal knows your password and tries to log in as you, you'll get an MFA prompt. If you approve that prompt - the criminal now has access to your account.

Therefore, if you receive a prompt that you didn't ask for, you should ignore or deny it (see the next section). MFA prompts are only valid for a short period, so if you're not sure, just do nothing.

Reporting Fraudulent MFA prompts

In the event that you get an MFA prompt you didn't ask for, and you deny it, you'll get a second prompt asking if you want to report fraud. Choosing Report Fraud will immediately disable your account. It will also send an alarm to the IT Department and someone will reach out to work with you shortly thereafter.

The prompt that is displayed after a user denies a login, asking if they want to report fraud.

Sometimes, though, the prompt is not fraudulent. Apps that you leave open for a long time (like Microsoft Teams) must periodically re-authenticate and when they do, they will generate an MFA prompt that you otherwise might think is bad. Before reporting fraud, you may want to check your devices for an app that's waiting for your MFA approval.

In all cases, you may choose Cancel on the fraud prompt, which will still deny the login from happening, so you're safe, but it will not disable your account. Additionally, if you ignore the prompt for a few minutes, it will automatically be denied without disabling your account.

Details

Details

Article ID: 136939
Created
Fri 3/4/22 11:48 AM
Modified
Tue 3/15/22 2:15 PM

Related Articles

Related Articles (1)

Describes what MFA is, why it's important, and includes links to setup and usage articles.