App Passwords & the Importance of Multi-Factor Authentication

Life in the Cloud….

According to the most recent metrics, Microsoft believes about two-thirds of its Office for Business customers will move to the cloud by the end of 2019. The incredibly popular application makes an enticing target for hackers searching for security vulnerabilities. This makes Office 365 multi-factor authentication one of the most important security measures you can implement to protect your company’s sensitive data.

Data Under Attack….

With over 135 million commercial users, Office 365 is a prime target for attacks. In 2017, hackers made the news when they used newly created brute-force techniques to attack the Microsoft accounts of high-level employees at nearly 50 Fortune 2,000 companies. By following a measured pace to avoid early detection, and using coordinated attacks to try different versions of employees’ usernames and passwords, the attack resulted in over 100,000 failed login attempts before being identified.

Office 365 email attacks have become more and more popular.  Once the hacker gains access to one email account, they use that account to phish other accounts (read our article on phishing here) both within the target’s organization and elsewhere. These kinds of attacks can be easily prevented with the use of multi-factor authentication or “MFA.”

An Extra Layer of Protection….

Office 365 MFA requires the users’ password and a secondary verification method when accessing O365. The additional methods made available by Microsoft include: a randomly generated pass code, a phone call, a smart card (virtual or physical), and a biometric device.

Hackers taking advantage of the popularity of Office 365 initiate phishing attacks by taking users to malicious web sites that often look identical to the O365 login page. When the user attempts to login with their credentials, the hacker takes control of the user’s account and launches additional attacks from there. O365 MFA stops the hacker from gaining access to the account since they have no way of knowing the information provided in the second factor.

The only sure way to protect your company’s sensitive data stored in O365 is to prevent these types of attacks, and O365 MFA is a critical and powerful tool for thwarting unlawful access.

Using App Passwords to Keep Your Data Safe

One of the key ways MFA is used to protect a user’s account is through App Passwords.  App Passwords are long complicated passwords generated by Microsoft for use with applications such as Outlook for your PC or your phone’s email app. It can only be viewed once and is used in place of your regular password when setting up these applications.  To generate an app password, the first step is to log in to Office 365 portal at https://login.microsoftonline.com/ .

Logging in to the portal may require you to make use of your secondary authentication method.  Once logged in click on the circle in the upper right corner of the screen and select “My Account.” 

Select “Security and Privacy” from the menu on the left of the screen.  On the menu that appears, select “Additional Security Verification”, and then “App Passwords”.

 Choose “Create” to generate a new app password.  When prompted, give the new password a name that you can use to manage the password later, if needed.  You can now use the newly generated password in place of your normal password for your mail apps.