Multi-Factor Authentication for Smaller Organizations
Multi-Factor Authentication (MFA) is the security tool we all love to hate. It’s like spinach when you were a kid–you knew it was good for you, but you still didn’t want to eat it.
Multi-Factor Authentication Explained
What is multi-factor authentication? It’s a way of requiring an additional “factor” before admitting you to a website or application. The security saying I learned what, “something you have, and something you know.” I talked about MFA in a recent blog post concerning Secure Score.
As an aside: you could also call it two-factor authentication, because most uses involve no more than two factors. But you’ll impress more people with your security knowledge if you use the term multi-factor authentication or (better yet) MFA.
You know that many applications require you to log in, using a user name and password. The user name identifies who you are (or at least, who you claim to be). So the password is the first factor of authentication; supposedly, only you know your password. Multi-factor authentication takes this one step further, asking you to provide information based on something that only you (should) have. This might be code from an authenticator app, a code supplied by a text or SMS message, a fingerprint an your smartphone, a facial scan… and so on. We all know that user names and passwords can be guessed, and that stolen user name/password combinations can be bought online. So requiring a second factor of authentication–especially one that is much less likely to be compromised–dramatically reduces the risk of cyber attack via stolen or compromised credentials (another cocktail party word for you, meaning “user name and password combination.”)
A Deal Smaller Non-Profits Shouldn’t Resist
Money is always tight in non-profit organizations. So you might have held off implementing multi-factor authentication for cost reasons. Well, if your organization has fifty or fewer employees, Microsoft has removed this sales objection. You can now get up to fifty Enterprise Mobility + Security (EMS) E3 licenses for free. (And if there are more than fifty employees, don’t worry; Microsoft continues to offer the EMS E3 licenses for less than $24 per user per year.)
If you want to purchase these free/discounted licenses, go to your Admin console, look for Billing and then choose Purchase Services.
There are plenty of other “goodies” in the EMS subscription.
- You can manage devices like smartphones, laptops and tablets while they’re “in the wild” (another cocktail party term for you).
- You can also manage the security of applications on those devices.
- You can set information protection policies that stay with the content, regardless of where it lives or gets transmitted.
- You can manage suspicious activities using Microsoft-developed behavioral analytics.
So let us know if you’d like to learn more, or if you’d like help getting multi-factor authentication set up in your organization.
Thanks to our friends @TechSoup for shouting out about this new Microsoft offer.