Administrator accounts are a favourite target for attackers: whoever controls one can read data, change settings and otherwise act across the whole tenant. Administrators constantly work with sensitive, business-critical and confidential data that must not be exposed. A successful attack on an administrator account that is protected by nothing more than a password therefore has severe consequences for the company, its customers and ultimately its commercial success. In this article we show how two-factor authentication stops the vast majority of attacks on user accounts, commonly put at 99%, namely all those that rely on a leaked, guessed or sprayed password alone.
Setting up multi-factor authentication
MFA (multi-factor authentication), also called two-factor or two-step authentication, is a login method in which one or more additional factors must be presented in addition to the password. Below we show which methods can be used to set up MFA for Microsoft 365 accounts.
The simplest option is an SMS containing a numeric code, sent after the password has been entered, which then has to be typed in as well. SMS is the weakest of the methods: the code can be intercepted by SIM swapping or simply phished together with the password, so it should only be used where nothing better is available. Biometric methods are another option, such as a fingerprint sensor on the computer, which is enabled in Windows in the sign-in options of the security settings under "Windows Hello". With Windows Hello for Business the biometric unlocks a key stored on the device, so nothing that a phishing page could capture is ever sent over the network.
Further options come with the Microsoft Authenticator app, which is available free of charge in every smartphone app store. Besides the rotating numeric code (a time-based one-time password, TOTP), the app can receive a push notification for each sign-in attempt, which then only has to be approved. Microsoft now enforces number matching for these pushes: the user has to type the number shown on the sign-in screen into the app, which defeats attackers who simply bombard a victim with approval requests until one is tapped. Access to the app itself is protected by the phone's PIN or a biometric such as fingerprint or face recognition. Another advantage of the Authenticator app is that the code is derived only from a shared secret and the current time, so it is available without an active Internet connection; only the push notification needs connectivity.
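To make the "works offline" point concrete, here is an added example, not code from the original article or from Microsoft, of the time-based one-time password algorithm (RFC 6238) that authenticator apps implement: the app and the server each derive the same code from a shared secret and the current 30-second time step, so no network round trip is needed, and the server accepts a small window of neighbouring steps to tolerate clock drift. The secret used is the RFC 6238 reference-vector value, chosen so the output can be checked against the published test vectors; push notifications and number matching are not modelled.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"time"
)

// Step is the RFC 6238 time step in seconds used by common authenticator apps.
const Step = 30

// TOTP returns an RFC 6238 code (HMAC-SHA1, 30 s step) for a shared secret at a
// given Unix time. Nothing here touches the network: app and server both derive
// the code from the secret and their own clock.
func TOTP(secret []byte, unixTime int64, digits int) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(unixTime/Step))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	h := mac.Sum(nil)
	// Dynamic truncation (RFC 4226): take 4 bytes at an offset chosen by the last nibble.
	offset := h[len(h)-1] & 0x0f
	truncated := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, truncated%mod)
}

// VerifyTOTP is the server side: accept the code for the current step and up to
// `window` steps either side to tolerate clock drift, comparing in constant time.
func VerifyTOTP(secret []byte, code string, unixTime int64, window int) bool {
	if len(code) != 6 && len(code) != 8 {
		return false
	}
	for i := -window; i <= window; i++ {
		want := TOTP(secret, unixTime+int64(i)*Step, len(code))
		if hmac.Equal([]byte(want), []byte(code)) {
			return true
		}
	}
	return false
}

func main() {
	// RFC 6238 reference secret, used here only so the output matches the published vectors.
	secret := []byte("12345678901234567890")
	now := time.Now().Unix()
	code := TOTP(secret, now, 6)
	fmt.Println("current code:", code, "accepted by server:", VerifyTOTP(secret, code, now, 1))
}
```

Run it with `go run` and compare against the RFC 6238 table: at T=59 the 8-digit code for this secret is 94287082. The drift window is a genuine security trade-off: every extra step the server accepts roughly doubles the chance that a stolen code is still usable, so a window of one step either side is the usual compromise.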
Anyone who wants to take MFA further in terms of security should use a FIDO2 security key. FIDO2 (the second generation of the Fast IDentity Online standards, made up of WebAuthn and CTAP) provides very strong, passwordless MFA: the key itself is the possession factor, and a PIN or a fingerprint on the key supplies the second factor. Cryptographically it is a challenge-response scheme built on asymmetric (public-key) signatures, not encryption: at registration the key generates a key pair and hands over only the public key; at each login the service sends a fresh random challenge, the key signs it together with the origin of the site it is being used on, and the service checks the signature with the stored public key. The private key never leaves the device, there is no shared secret on the server to steal, and because the signature is bound to the origin, a look-alike phishing page cannot relay a usable response. FIDO2 keys are also available with an integrated fingerprint scanner or with an NFC interface, for example for signing in on a phone or tablet.
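The challenge-response exchange described above, as an added Go example that is not part of the original article and not a real WebAuthn library: it models one relying party with the hypothetical origin https://login.example, one authenticator holding a P-256 key, and then plays a genuine login, a login relayed through a phishing page that forwards the real challenge, and a replay of the genuine assertion. The authenticatorData layout and the signed digest follow WebAuthn; the structures are otherwise simplified (no CBOR, no attestation, no sign-count check).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Authenticator models a FIDO2 key holding one credential: a P-256 private key
// bound to the relying-party ID it was registered for. The key never leaves it.
type Authenticator struct {
	rpID string
	priv *ecdsa.PrivateKey
}

// RelyingParty is the login service; it keeps only the public key. ID and Origin are hypothetical.
type RelyingParty struct {
	ID, Origin string
	pub        *ecdsa.PublicKey
}

// clientData is assembled by the browser, which fills in the origin it is really on.
type clientData struct{ Type, Challenge, Origin string }

// Assertion is what the RP receives: authenticatorData, clientDataJSON, DER signature.
type Assertion struct{ AuthData, ClientDataJSON, Sig []byte }

// Register is the registration ceremony reduced to its result.
func Register(rp *RelyingParty) *Authenticator {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	rp.pub = &priv.PublicKey
	return &Authenticator{rpID: rp.ID, priv: priv}
}

// NewChallenge issues a fresh random challenge the RP will accept exactly once.
func (rp *RelyingParty) NewChallenge() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return base64.RawURLEncoding.EncodeToString(b)
}

// signedDigest is what the key signs and the RP verifies: SHA256(authenticatorData || SHA256(clientDataJSON)).
func signedDigest(authData, cdJSON []byte) []byte {
	cdHash := sha256.Sum256(cdJSON)
	d := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return d[:]
}

// GetAssertion is the client side of the login ceremony.
func (a *Authenticator) GetAssertion(browserOrigin, challenge string) *Assertion {
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: browserOrigin})
	rpIDHash := sha256.Sum256([]byte(a.rpID))
	authData := append(append(rpIDHash[:], 0x01), 0, 0, 0, 1) // rpIdHash || flags(UP) || signCount
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, signedDigest(authData, cd))
	if err != nil { panic(err) }
	return &Assertion{AuthData: authData, ClientDataJSON: cd, Sig: sig}
}

// Verify is the RP side. The challenge check stops replay, the origin check stops phishing
// (a look-alike site only ever obtains a signature over its own origin), the signature proves the key.
func (rp *RelyingParty) Verify(as *Assertion, expectedChallenge string) error {
	var cd clientData
	if err := json.Unmarshal(as.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != expectedChallenge {
		return errors.New("wrong ceremony type or stale/replayed challenge")
	}
	if cd.Origin != rp.Origin {
		return fmt.Errorf("origin %q is not %q: signed on another site", cd.Origin, rp.Origin)
	}
	if !ecdsa.VerifyASN1(rp.pub, signedDigest(as.AuthData, as.ClientDataJSON), as.Sig) {
		return errors.New("bad signature")
	}
	return nil
}

// RunScenario plays a genuine login, one relayed through a phishing page that
// forwards the real challenge, and a replay of the genuine assertion.
func RunScenario() (genuineOK, phishRejected, replayRejected bool) {
	rp := &RelyingParty{ID: "login.example", Origin: "https://login.example"}
	key := Register(rp)
	ch := rp.NewChallenge()
	good := key.GetAssertion("https://login.example", ch)
	genuineOK = rp.Verify(good, ch) == nil
	phishRejected = rp.Verify(key.GetAssertion("https://login-example.evil", ch), ch) != nil
	replayRejected = rp.Verify(good, rp.NewChallenge()) != nil
	return
}

func main() { fmt.Println(RunScenario()) }
```

In the phishing case a real browser would refuse before the key even signs, because "login.example" is not a registrable suffix of the attacker's origin; the origin check on the relying party is the backstop that catches anything that does get signed elsewhere. Compare this with the SMS and TOTP methods above, where the code the user types is the same string regardless of which site asked for it.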
What to do if everything goes wrong?
This leaves the question of what can be done if, for example, the multi-factor service itself has an outage or a policy has been misconfigured so that nobody can sign in any more. So-called break-glass (emergency access) accounts exist for exactly this case. They are excluded from the Conditional Access policies that enforce multi-factor authentication, so access remains possible during a fault or after a faulty policy change. To compensate for that exclusion, break-glass accounts are cloud-only, are used for nothing else, carry a very long, randomly generated password that is stored offline, and every sign-in from such an account triggers an alert and is investigated; Microsoft recommends keeping at least two of them.
Managing administrator accounts and setting up the most convenient multi-factor authentication method possible is part of the managed service that we offer individually to our customers with our N365 product. If you would like to benefit from a managed service partner who, for example, sets up MFA and monitors break-glass accounts for you, please contact us without obligation. We will advise you on all service areas and put together a service package precisely tailored to your infrastructure.