Registration Quick Links for PCCC Multi-factor Authentication
(Registration can be performed off campus)
When you sign into your online accounts - a process we call "authentication" - you're proving to the service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately, that's not a very good way to do it. Usernames are often easy to discover; sometimes they're just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites.
That's why almost all online services - banks, social media, shopping and yes, Microsoft 365 too - have added a way for your accounts to be more secure. You may hear it called "Two-Step Verification" or "Multifactor Multi-factor Authentication" but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or app (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.
Something you know - Like a password, or a memorized PIN.
Something you have - Like a smartphone, or a secure USB key.
Something you are - Like a fingerprint, or facial recognition.
multi-factor authentication work?
Let's say you're going to sign into your work or school account, and you enter your username and password. If that's all you need then anybody who knows your username and password can sign in as you from anywhere in the world!
But if you have multifactor multi-factor authentication enabled, things get more interesting. The first time you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity.
You won't have to do the second step very often. Some people worry that multifactor multi-factor authentication is going to be really inconvenient, but generally it's only used the first time you sign into an app or device, or the first time you sign in after changing your password. After that you'll just need your primary factor, usually a password, like you do now.
The extra security comes from the fact that somebody trying to break into your account is probably not using your device, so they'll need to have that second factor to get in.
Multifactor Multi-factor authentication is not just for work or school. Almost every online service from your bank, to your personal email, to your social media accounts supports adding a second step of authentication and you should go into the account settings for those services and turn that on.
Compromised passwords are one of the most common ways that bad guys can get at your data, your identity, or your money. Using multifactor multi-factor authentication is one of the easiest ways to make it a lot harder for them.