Microsoft MFA Number Matching
Microsoft MFA Powers Up with Number Matching
Coming February 2023 – What does this mean for your staff and how they access their work devices and services?
By now you’ve most definitely used some form of Multifactor Authentication (MFA) to access your work email or services, bank accounts or personal apps on your phone. MFA ensures that you need to provide another form or “factor” to verify you are who you say you are when logging into personal or sensitive services or data stores. Not only does this protect your company and personal data, but it is the number-one, biggest-bang-for-your-buck solution to the problem of random hackers using your user name + password credentials they’ve harvested from phishing or the dark web to get unauthorised access to your accounts and data. But you already knew this, right? 😉
When MFA first rolled onto the scene, IT managers in organisations just like yours were met with a measure of “why do I have to do this every time” resistance. But the benefits soon became apparent as organisations with MFA in place started to experience far fewer of those critical password-driven data breaches that seemed to be occurring weekly pre-MFA.
Fast forward to 2023 and MFA is no longer an optional security extra. It is listed as one of the Australian Cyber Security Centre’s Essential Eight cyber maturity measures and used extensively and routinely by security-conscious organisations for staff to access anything and everything of a sensitive nature.
But what do we know about routines and human nature? Eventually, once people get used to something, they tend to start taking it for granted… And with almost every online service now requiring some form of MFA, people are starting to get what we’re calling “Alert Fatigue”. With various MFA prompts popping up throughout the day, the temptation is just to “Accept” or “Verify” and move on. But this failure to slow down, take a pause and consider has led to a rise in approvals of fake MFA authorisation requests. Instead of asking “hang on a minute…” when an MFA prompt has unexpectedly popped up on their phone, the recipient just instantly approves without due consideration.
To combat this emerging security issue, as of February 2023 Microsoft will commence enforcement of Number Matching as a key security upgrade to its current Microsoft Authenticator MFA tool across all users. This means that if your staff are using the Microsoft Authenticator App on their phones to approve their log-in requests, at some time from February 2023 onwards they will be prompted with an additional authentication step in the form of a number prompt.
After this change, gaining access to an MFA-protected account or service will require your team members to:
- Navigate to the log-in screen for the app or service as usual
- Enter your username and password as usual
- Respond to the MFA push notification that appears in the Microsoft Authenticator App
- A number code will appear on your login screen. NEW!
- Type that number into the app to complete your sign-in NEW!
- Gain secure access to your account or data.
If you’re a bit more visual, this is what you can expect to see:
The additional Number Matching feature (which essentially adds a third factor to the verification process) provides a virtual safety net for your accounts and data by making it pretty much impossible for a rogue actor to authenticate to your account by trying to elicit a hurried MFA approval.
This across-the-board change will start to roll out across Microsoft Authenticator services from February 2023 onwards, but if you’d like to get early access to the Number Matching feature or have some surety around a turn-on date so you can brief your team ahead of time, please reach out to us on 1300 629 786 or at [email protected] and log a Change Request to proactively have Number Matching turned on.