MFA: Authentication Methods

HPG strongly encourages employees to utilize the use of their smartphones for MFA/2FA authentication, specifically, we suggest that they utilize the Microsoft Authenticator app. Text Message, Phone Call, and Email are no longer supported methods by many services providers including Microsoft 365 and NetSuite, which are the primary services utilized by HPG Employees. Use of an authentication application on a smart phone is both the easiest method for employees and also the least expensive method for both employee and business.

Microsoft Authenticator enables the ability for employees to:

Sign In without password.
Receive Push Notifications when an attempt to sign on occurs.
Sign in without internet access on their smart phone.
Enable MFA/2FA on other services they use.

Microsoft Authenticator is not required. Users may use any authenticator app on their smartphone. Such as Google Authenticator, DUO mobile, etc.

Employees that opt out of using their smartphone may be assigned a hardware token by the company. Availability of hardware tokens may not be immediate. Employees that opt for the hardware token must understand that:

The first token assigned to an employee is provided by HPG without cost.
Replacement due to theft, loss, or damage is charged to the assigned employee at full cost of the replacement.
Employees need to report loss or theft immediately.
Employees may not share their hardware token with other employees or persons.

Employees will need to complete this: MFA Hardware Token Procurement : HPG Brands and confirm they understand this policy before a hardware token is ordered and assigned to them.

Question and Answers

Q: Why am I being asked to use my own smart phone for something that is clearly managed by the company?

A: You own your identification. MFA and 2FA are methods to verify your identification. The most convenient method of verifying YOU is by utilizing something that you are likely to always have with you, your smartphone. Other methods, such as the Hardware Token, are not as convenient and are easily misplaced without proper care by the person the device is assigned to.

Q: What information does HPG receive when I use Microsoft Authenticator?

A: Nothing. HPG does not receive any information from your smartphone when you use Microsoft Authenticator for authentication. Authenticator can be used in an entirely offline mode, as well, so if you want to be extra careful, you can block Microsoft Authenticators access to the internet and use it offline only. Note, that when in offline only mode, you will not be able to use advanced functions such as Signing into your Microsoft 365 account with Push or Passwordless authentication.

Q: Can HPG use Microsoft Authenticator lock, block, or erase my smartphone?

A: No. The Microsoft Authenticator app is not a device management application and does not give any permissions to HPG to manage or erase any data on your devices.

Q: If I lose or break my Hardware Token what should I do?

A: You should report a lost or stolen hardware token immediately. Failing to do so could result in disciplinary action. HPG provides employees with their initial hardware token if you request one, however, any replacement due to theft, loss, or damage will be paid for by the employee that was assigned the hardware token. Employees are fully responsible to ensure that their tokens are safeguarded and cared for properly.