Verifying username and password login with an additional confirmation step is called two-factor or multi-factor authentication and greatly increases security.
Two-factor authentication is now a requirement for many web accounts and services, such as receiving a confirmation code via text when online banking. Below we will explain how to set up an Authenticator App, but if you would like to understand multifactor authentication further, watch this video: IDCARE How to videos What-is-multifactor-authentication.
Authenticator Apps can do the same verification step as a text or email but is more secure, faster and reliable. Both Microsoft and Google produce their own authenticator app that you can download from your smart phone’s app store. Or you can choose to use a different one from another software provider. You only need to choose one Authenticator App as you can add additional accounts within in.
Some online accounts will allow you to opt into two-factor authentication from your account profile while other workplace accounts may be set to require it at sign-in.
You may be given some choices as to what kind of two factor authentication you can set up for the account. In the above example the login screen is prompting the user to use the Microsoft Authenticator App. Read carefully, and you can see an option in blue text to use a different authenticator app, such as Google Authenticator. In addition, selecting “I want to set up a different method” would allow the setup of text message verification, or automated phone call or whatever other methods are supported by the service.
In our example the user doesn’t have an authenticator app installed on their phone. Following the suggested instructions, they search for, then install the Microsoft Authenticator app from their smart phone’s app store.
Clicking Next on the account login displays a unique QR code with instructions to scan the code with the authenticator app.
After starting the authenticator app on their phone, the user can tap Add account.
Tapping the Scan a QR code option will enable the camera. The app will likely request permission to access the camera etc.
Pointing the camera at the monitor will quickly link the account with the authenticator app.
Now that the link is made, every time the user signs into the account with their username and password, a sign-in verification will be sent to the authenticator app on the mobile.
The verification may simply require a tap on Approve, or may require typing in a code displayed on the computer screen, or transcribing a code that regenerates every few seconds.
If a verification request arrives on the authentication app that isn’t triggered by the user, they can tap Deny or simply wait for the request to time out.