MFA: What Is It?
MFA, or Multi-Factor Authentication, is the process of using more than 2 forms of verification to authenticate a user's sign-in. Most online services and tools that require a login safeguard their systems and your accounts with MFA because it makes it much more difficult for malicious actors to break in. MFA does not make a system impenetrable: as with 99.999% of systems and services, those protected by MFA are still susceptible to user error and to undisclosed vulnerabilities in the systems and services themselves.
MFA utilizes at least 3 methods of verification to securely authenticate users:
- Something Known: This is a username or email address
- Something that is Secret: This can be a password, passphrase, PIN, or biometrics
- Something Unique: Single-use or one-time passcodes are often supplied at the time of verification, through an app, hardware token, or messaging service.
Users should do their best to protect all 3 listed methods.
- Avoid using your work email address for signing up to new services or sites. IT can provide an alias to you if you need to sign up for any new accounts.
- Keep passwords secure (not on a sticky note or on your desk)
- Use a password manager. IT has approved LastPass and KeyPass and can assist in the setup and configuration of these.
- Do not re-use passwords across different accounts
- Do not share your passwords and PINs
- Do not disclose or show single-use or one-time passcodes to any person
The easiest, most reliable, and most secure method for using multi-factor authentication is an authenticator application. For HPG employees it is strongly recommended that you use the Microsoft Authenticator application, installed on your smartphone. Its features are listed below:
- Allows for passwordless authentication. (Yes, you read that correctly: with the Microsoft Authenticator app, you no longer need to enter your password. It will use your username and the biometrics (PIN) already used on your phone, and provide a random single-use code response.)
- It can be used entirely offline, as can most multi-factor authentication applications. (This ensures that you can always sign in, regardless of internet or cell phone signal availability.)
- It is more reliable and faster (Text or email can be disrupted by signal quality or spam filtering)
- It is more secure
Note: If your phone or hardware token is lost or stolen, inform HPG IT immediately so that we can reset your MFA configuration.
Note: Avoid using email as your MFA method. Email is insecure and often leads to compromised accounts.