{"id":1471,"date":"2014-05-07T09:06:27","date_gmt":"2014-05-07T16:06:27","guid":{"rendered":"https:\/\/thebeagle.itgroove.net\/?p=1471"},"modified":"2023-02-24T21:48:28","modified_gmt":"2023-02-24T21:48:28","slug":"o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication","status":"publish","type":"post","link":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/","title":{"rendered":"O365 MultiFactor Authentication in depth\u2013Part 1\u2013what is multifactor authentication?"},"content":{"rendered":"

I wrote a quick post a few days ago about O365 and multifactor authentication but then I realized that many people don\u2019t know what this is or why you might want it.\u00a0 So, this is my primer on multifactor authentication as it pertains to O365.<\/p>\n

First off, what the heck is <\/em>multi-factor authentication?\u00a0 For that matter, what is authentication itself?\u00a0 In simple terms, authentication is the process you follow to identify<\/em> yourself to a system and provide something to the system that then positively verifies your identity.\u00a0 <\/em>In other words you provide information to the system that only you should know to prove to the system that you really are you<\/em>.\u00a0 That is the authentication<\/em> piece of the puzzle.\u00a0 Once your identity is verified and authenticated the system can provide you with access to resources that you are allowed to use meaning appropriate security filters<\/em> are applied based on your verified identity.\u00a0 And, obviously, this can mean you have access to sensitive or private information that only you should have; you don\u2019t want unauthorised<\/em> users accessing your data.\u00a0 All of this becomes critically important with Cloud services such as O365 as you are many steps removed from simple physical security measures (eg only you can access the PC that contains the data).\u00a0 Also, there is a large movement to \u201cclaims-based authentication\u201d which basically gives you access to data because you claim <\/em>to be you.\u00a0 Somewhere, somehow, the system needs to positively identify and authenticate your identity before it lets you go any further in this kind of scenario (and, yes, I have greatly simplified a very complex process, just bear with me).<\/p>\n

For many years the basic authentication system was password-based; you supply the correct password for your account and you\u2019re in and away to the races.\u00a0 The problem with this is it really is not very secure and it really doesn\u2019t do anything to authenticate<\/em> your identity as anyone<\/em> could login as you if they knew your password.\u00a0 There is nothing in this process that is any more secure than a simple key in a lock \u2013 the lock neither knows nor cares if it is you<\/em> turning the key, it just cares that the key fits.\u00a0 If the key fits the person with the key is in.\u00a0 So, in simple terms, a password-based system is not truly a way to authenticate anything as it is merely a locked door.<\/p>\n

\"image\"<\/a><\/p>\n

This kind of system can be beefed up somewhat with addition of some form of biometric scan like a finger print reader but while the scan is probably tied only to you (it is your finger after all), the process can still be pretty weak if the scan simply fires off a login with your ID and password in the background. This is the process that laptops and other devices follow when you fire up Windows and swipe your finger across the reader; you gain access but you really have not done anything different from\u00a0 entering your login and password.\u00a0 If, God forbid, someone got hold of your finger they could perform the same \u201cswipe\u201d and gain access to your system but, obviously, they would not<\/em> be you.<\/p>\n

Now, what if we \u201cdivorce\u201d the biometric scan from firing off your login and password and, instead, require that you enter your login and password AND<\/em> also require the biometric scan after<\/em> that entry?\u00a0 We now have a way to authenticate<\/em> that the person supplying your login and password is most likely you because your biometric scan confirms<\/em> your identity.<\/p>\n

\"image\"<\/a><\/p>\n

And this, in a nutshell, is multifactor authentication<\/em>.\u00a0 In very simple terms your claimed identity is authenticated by supplying two or more factors <\/em>which, when combined, could only have come from you.\u00a0 In many cases this is described as supplying something only you know<\/em>, like your password (factor one) along with something only you have <\/em>or are <\/em>, like your fingerprint (factor two).\u00a0 Put those factors together and you are authenticated <\/em>to the system.\u00a0 Once authenticated the system can also tell other systems that trust it that you are who you say you are or who you claim <\/em>to be so the claims-based<\/em> authentication process works across the board.<\/p>\n

There are many different types of multifactor authentication available.\u00a0 One of the most common and one that has probably been seen by the largest number of people is that provided by SecureID<\/strong> and other vendors through the use of a hardware \u201cfob\u201d:<\/p>\n

\"secureid\"<\/a><\/p>\n

The fob provides a number that changes on a regular basis (usually once per minute); you authenticate with the backend authentication server by providing your own 4 digit number as well as the number displayed on the fob \u2013 you provide something you know<\/em> (your 4 digit PIN number) with something you have<\/em> (the number displayed on the fob).\u00a0 Again, multiple factors are provided and combined to authenticate or prove <\/em>your identity.\u00a0 This type of system can also provide the same generated number (like on the fob display) through software that can be installed on a PC or a smartphone.\u00a0 You run the app and get the generated number which you then input to the authentication system along with your PIN.<\/p>\n

Microsoft uses a similar approach with multifactor authentication in O365 in that it relies on your smartphone as the thing you have<\/em> which it combines with the thing you know<\/em> \u2013 your login and password \u2013 to authenticate you.\u00a0 O365\u2019s multifactor authentication process can send you a one time use\u201cPIN\u201d to your smartphone as an SMS message which you enter as required.\u00a0 You can also have the system configured to call your phone to provide you with the PIN.\u00a0 Either way, the system is positively authenticating your identity before it grants you access to O365 resources.<\/p>\n

My next post will dive deeper into the actual processes inside O365.<\/p>\n","protected":false},"excerpt":{"rendered":"

I wrote a quick post a few days ago about O365 and multifactor authentication but then I realized that many people don\u2019t know what this is or why you might want it.\u00a0 So, this is my primer on multifactor authentication as it pertains to O365. First off, what the heck is multi-factor authentication?\u00a0 For that … <\/a><\/p>\n","protected":false},"author":10,"featured_media":1496,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[247],"tags":[459,501],"acf":[],"yoast_head":"\nO365 MultiFactor Authentication in depth\u2013Part 1\u2013what is multifactor authentication? - Archive<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"O365 MultiFactor Authentication in depth\u2013Part 1\u2013what is multifactor authentication? - Archive\" \/>\n<meta property=\"og:description\" content=\"I wrote a quick post a few days ago about O365 and multifactor authentication but then I realized that many people don\u2019t know what this is or why you might want it.\u00a0 So, this is my primer on multifactor authentication as it pertains to O365. First off, what the heck is multi-factor authentication?\u00a0 For that …\" \/>\n<meta property=\"og:url\" content=\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"Archive\" \/>\n<meta property=\"article:published_time\" content=\"2014-05-07T16:06:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-24T21:48:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/regroove.ca\/archive\/wp-content\/uploads\/sites\/6\/2015\/04\/043015_1744_SharePointa2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"801\" \/>\n\t<meta property=\"og:image:height\" content=\"451\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Sean Wallbridge\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sean Wallbridge\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/\",\"url\":\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/\",\"name\":\"O365 MultiFactor Authentication in depth\u2013Part 1\u2013what is multifactor authentication? - Archive\",\"isPartOf\":{\"@id\":\"https:\/\/regroove.ca\/archive\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/regroove.ca\/archive\/wp-content\/uploads\/sites\/6\/2015\/04\/043015_1744_SharePointa2.png\",\"datePublished\":\"2014-05-07T16:06:27+00:00\",\"dateModified\":\"2023-02-24T21:48:28+00:00\",\"author\":{\"@id\":\"https:\/\/regroove.ca\/archive\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77\"},\"breadcrumb\":{\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#primaryimage\",\"url\":\"https:\/\/regroove.ca\/archive\/wp-content\/uploads\/sites\/6\/2015\/04\/043015_1744_SharePointa2.png\",\"contentUrl\":\"https:\/\/regroove.ca\/archive\/wp-content\/uploads\/sites\/6\/2015\/04\/043015_1744_SharePointa2.png\",\"width\":801,\"height\":451},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog Archive\",\"item\":\"https:\/\/regroove.ca\/archive\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"O365 MultiFactor Authentication in depth\u2013Part 1\u2013what is multifactor authentication?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/regroove.ca\/archive\/#website\",\"url\":\"https:\/\/regroove.ca\/archive\/\",\"name\":\"Archive\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/regroove.ca\/archive\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/regroove.ca\/archive\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77\",\"name\":\"Sean Wallbridge\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/regroove.ca\/archive\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g\",\"caption\":\"Sean Wallbridge\"},\"url\":\"https:\/\/regroove.ca\/archive\/author\/swallbridge\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"O365 MultiFactor Authentication in depth\u2013Part 1\u2013what is multifactor authentication? - Archive","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/","og_locale":"en_US","og_type":"article","og_title":"O365 MultiFactor Authentication in depth\u2013Part 1\u2013what is multifactor authentication? - Archive","og_description":"I wrote a quick post a few days ago about O365 and multifactor authentication but then I realized that many people don\u2019t know what this is or why you might want it.\u00a0 So, this is my primer on multifactor authentication as it pertains to O365. First off, what the heck is multi-factor authentication?\u00a0 For that …","og_url":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/","og_site_name":"Archive","article_published_time":"2014-05-07T16:06:27+00:00","article_modified_time":"2023-02-24T21:48:28+00:00","og_image":[{"width":801,"height":451,"url":"https:\/\/regroove.ca\/archive\/wp-content\/uploads\/sites\/6\/2015\/04\/043015_1744_SharePointa2.png","type":"image\/png"}],"author":"Sean Wallbridge","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sean Wallbridge","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/","url":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/","name":"O365 MultiFactor Authentication in depth\u2013Part 1\u2013what is multifactor authentication? - Archive","isPartOf":{"@id":"https:\/\/regroove.ca\/archive\/#website"},"primaryImageOfPage":{"@id":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#primaryimage"},"image":{"@id":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/regroove.ca\/archive\/wp-content\/uploads\/sites\/6\/2015\/04\/043015_1744_SharePointa2.png","datePublished":"2014-05-07T16:06:27+00:00","dateModified":"2023-02-24T21:48:28+00:00","author":{"@id":"https:\/\/regroove.ca\/archive\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77"},"breadcrumb":{"@id":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#primaryimage","url":"https:\/\/regroove.ca\/archive\/wp-content\/uploads\/sites\/6\/2015\/04\/043015_1744_SharePointa2.png","contentUrl":"https:\/\/regroove.ca\/archive\/wp-content\/uploads\/sites\/6\/2015\/04\/043015_1744_SharePointa2.png","width":801,"height":451},{"@type":"BreadcrumbList","@id":"https:\/\/regroove.ca\/archive\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog Archive","item":"https:\/\/regroove.ca\/archive\/"},{"@type":"ListItem","position":2,"name":"O365 MultiFactor Authentication in depth\u2013Part 1\u2013what is multifactor authentication?"}]},{"@type":"WebSite","@id":"https:\/\/regroove.ca\/archive\/#website","url":"https:\/\/regroove.ca\/archive\/","name":"Archive","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/regroove.ca\/archive\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/regroove.ca\/archive\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77","name":"Sean Wallbridge","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/regroove.ca\/archive\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g","caption":"Sean Wallbridge"},"url":"https:\/\/regroove.ca\/archive\/author\/swallbridge\/"}]}},"_links":{"self":[{"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/posts\/1471"}],"collection":[{"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/comments?post=1471"}],"version-history":[{"count":1,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/posts\/1471\/revisions"}],"predecessor-version":[{"id":2913,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/posts\/1471\/revisions\/2913"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/media\/1496"}],"wp:attachment":[{"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/media?parent=1471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/categories?post=1471"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/tags?post=1471"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}