Details on the 2023 MFA Change
Microsoft is constantly striving to improve security and user experience for its Microsoft 365 users. Above all, cybersecurity, data security, and user privacy have been its priorities in recent years. On February 27, 2023, as part of these efforts, Microsoft will change the way all Microsoft 365 users verify their identity. The change is part of a widespread effort to combat a tactic used by cybercriminals known as “MFA Fatigue”.
What is MFA Fatigue?
Multifactor Authentication (MFA) Fatigue is a tactic in which cybercriminals overwhelm victims with repeated authentication requests, sometimes over weeks or months, in the hope that the end user will eventually press “Approve” just to make the annoyance go away. This often leads to security breaches, which is why Microsoft is taking steps to eliminate the risk of MFA fatigue on its platforms.
How will Number Matching work?
Currently, there are a few ways to verify identity when accessing Microsoft services. These include tapping an “Approve” or “Deny” button, or entering a code sent via email or text message. On February 27th, however, number matching will become the standard for all Microsoft 365 users.
After this date, when accessing Microsoft services, a two-digit number will be displayed on the screen. To verify their identity, users must enter this number into the Microsoft Authenticator app. This provides an extra layer of security for their Microsoft 365 account.
Note: One-time password (OTP), SMS, and phone call MFA methods will not be affected by this change.
What if I use other MFA services?
If you use other MFA services, such as Duo or Okta, these changes will not impact your login process. However, the Cybersecurity and Infrastructure Security Agency (CISA) recommends taking action to avoid falling victim to MFA Fatigue. This is because cybercriminals are becoming quite sophisticated in how they can overwhelm or manipulate their targets.
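One action that works with any push-based MFA service is to watch authentication logs for the prompt bursts that define MFA fatigue. The sketch below is an added example, not code from Microsoft, CISA, or any MFA vendor; the event fields, outcome labels, 10-minute window, and threshold of 4 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events: (time, user, outcome).
# Field layout and outcome labels are assumptions, not a vendor log schema.
SAMPLE_EVENTS = [
    ("2023-02-20T02:01:00", "alice", "denied"),
    ("2023-02-20T02:02:10", "alice", "no_response"),
    ("2023-02-20T02:03:30", "alice", "denied"),
    ("2023-02-20T02:04:45", "alice", "denied"),
    ("2023-02-20T02:06:00", "alice", "approved"),
    ("2023-02-20T09:00:00", "bob", "approved"),
    ("2023-02-20T13:30:00", "bob", "approved"),
    ("2023-02-20T10:00:00", "carol", "denied"),
    ("2023-02-20T10:01:00", "carol", "denied"),
    ("2023-02-20T10:02:00", "carol", "no_response"),
    ("2023-02-20T10:03:00", "carol", "denied"),
]

def find_push_bursts(events, window=timedelta(minutes=10), threshold=4):
    """Return {user: verdict} for users who received at least `threshold`
    unapproved prompts inside one sliding window.

    "burst"               -> repeated prompts, none approved so far
    "burst_then_approved" -> an approval arrived while the burst was still
                             inside the window (treat as likely compromise)
    """
    recent = defaultdict(deque)  # user -> times of recent unapproved prompts
    verdicts = {}
    for ts, user, outcome in sorted(events):  # ISO timestamps sort by time
        now = datetime.fromisoformat(ts)
        prompts = recent[user]
        while prompts and now - prompts[0] > window:
            prompts.popleft()  # drop prompts that fell out of the window
        if outcome == "approved":
            if len(prompts) >= threshold:
                verdicts[user] = "burst_then_approved"
            prompts.clear()  # an approval ends the current run
        else:
            prompts.append(now)
            if len(prompts) >= threshold:
                verdicts.setdefault(user, "burst")
    return verdicts

if __name__ == "__main__":
    print(find_push_bursts(SAMPLE_EVENTS))
```

A "burst" verdict is a reason to contact the user and reset the password, since prompts only appear after the first factor has been accepted; "burst_then_approved" warrants revoking the session as well.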
Goodbye Convenience, Hello Security
For many Microsoft 365 users, this change will mean the end of the convenience of simply tapping the “Approve” or “Deny” button on their phone or smartwatch. Microsoft recommends that users update the Microsoft Authenticator app to the latest version before this change is implemented.
Note: The update will remove support for the app on Apple Watches.
Next Steps for You
The change to number matching is a step forward in improving the security and user experience of Microsoft 365. It eliminates the risk of MFA fatigue and ensures that your Microsoft 365 account remains secure. Make sure to update your Microsoft Authenticator app to the latest version. This change will be a gradual rollout starting on February 27, which means that you may not see the changes until a few days after that date.
About ABS
Advanced Business Solutions is one of the largest IT Managed Services Providers (MSP) in Kentucky. For over 25 years, we have helped businesses of all sizes develop strategic IT plans that accelerate growth, ensure data security, and optimize IT infrastructure.