Secure Office 365, Outlook.com, Hotmail.com, OneDrive, Microsoft accounts from Hacking and Identity theft using Microsoft Authenticator App
No doubt you are already using MFA (Multi-Factor Authentication) or 2FA (Two Factor Authentication) or 2SV (2-step verification) for Online Banking, Government Services, Xero and many other online services.
But did you know it can also be used to secure your personal Office 365, Outlook.com, Hotmail.com, OneDrive, SharePoint, Teams, Skype Microsoft accounts from Hacking and Identity theft?
Some MFA apps are specific to the individual bank or company but there are two generic Authenticator Apps that you may be familiar with:
- Google Authenticator
- Microsoft Authenticator
Microsoft Authenticator App
Authenticator Apps reside on your Smart Phone (Android or Apple)
… and will either generate a random code or simply popup on your phone for an approval/ confirmation when you are trying to login to a secure site.
Authenticator apps have mostly replaced Security-Tokens (security fobs), which you may still see being used today.
An alternative to an Authenticator Apps is to receive a SMS/Text message with a code, although this is not as secure as using an Authenticator app due to “SIM Jacking” or “Smishing” (SMS phishing)
Setting up verification on your Microsoft Account
You will have a Microsoft Account if you use Office 365, Outlook.com, Hotmail.com, OneDrive, SharePoint, Teams, Skype, a Windows 11 device etc.
If you use one or more of these applications, turning on 2SV (Two-Step-Verification) and untilising the Microsoft Authenticator App will help protect your applications from being hacked or your identity stolen.
2SV or MFA Verification should be required if you are using a work or business/school Microsoft account. If not please warn your employer about this security breach. We can assist your employer in becoming security compliant, please ask them to contact us.
When logging in to your Microsoft Account, you may be prompted to login as your personal or school/work account
If logging into Hotmail, Outlook.com etc choose the “Personal” account option.
Switch on MFA and use Microsoft Authenticator to secure your account
Go to https://office.com
If not automatically signed in, you will see this screen, simply click the “Sign In” button
Once signed in, click on the circle with your initials in the top right hand corner of the page and click on “My Microsoft account”
On the next page, scroll down until you see the “Security” section
This is a Two Step process
- Step 1 – Install and setup Microsoft Authenticator
- Step 2 – Ensure Two-Step verification is switched on for your account
Step 1 – Install and setup Microsoft Authenticator
Click on “Add a new way to sign in or verify”
You can also get the app from the Apple app store on an iPhone or Google Play on an android phone or by scanning these QR codes with your phone.
Once installed, open the app on your phone and hit the “+” at the top right of the App
Move the phone over the QR code on the screen, and the account will be automatically added to the Microsoft Authenticator app
Step 2 – Ensure Two-Step verification is switched on for your account
If Two-Step verification is “OFF” you need to action it, and turn it “ON”
In this case 2SV is OFF …so we will switch it on to secure our account. Click on the phrase “Turn on”
Click on “Turn On” or “Manage” to continue with the process. You will be asked to sign into your account once more and then proceed to the Set up two-step verification page.
Follow all of the prompts until 2-Step Authentication is “ON”. Now whenever you login to the Microsoft Apps, you will have to enter a password AND be prompted to confirm that login using the Microsoft Authenticator app on your phone.
This protects your account from being accessed or hacked, as the scammers would need your phone to gain access.
iTechWA are experts in everything Microsoft and Apple. For further help or assistance, please contact us here