Find below the official user guides to configure and use enhanced security for Google and Microsoft accounts. We’ve also included a few itac.technology recommendations for each of these platforms. Please note that the general information and recommendations we have given can be applied to any two factor authorisation or enhanced security on most apps and platforms, not just Google and Microsoft 🙂
A word on shared logins/accounts
It is inevitable in most businesses some shared logins/accounts might exist. A good example of these would be a central email address, like email@example.com or firstname.lastname@example.org. Unfortunately, enhanced security protools like 2FV and MFA aren’t really designed for such situations and most apps/platforms will advise against shared logins. Despite this, we acknowledge sometimes they can’t be avoided. However, they still need to be secured. In fact, as they are shared, they almost need to be more secure than individual logins and accounts! Consider these options to configure enhanced security for shared logins whilst ensuring easy access for multiple team members:
- Set the primary authentication method to call the main business phone number with a code for verification
- If your business has a central mobile phone, consider setting up the Authenticator apps on that phone so someone can always access it easily
- Nominate one team member to be the responsible for the security aspect of the shared login so they know to keep an eye out for the authentication codes on their device and the rest of the team know who to contact if they need one
- Ensure the Backup Codes and primary verification method are documented in the business’ password manager app (contact us if you don’t have one yet) so any team member can access and use codes if required
- Consider changing the way the shared login/account operates so it is no longer shared
Ensure you have considered which approach you plan to take before embarking on the steps to configure, then ensure the team are aware of the process to ensure no one is locked out of the account.
Google’s Two Factor Authentication (2FV)
Super simple to setup following the guide.
- Follow the guide to Turn on 2-Step Verification – https://support.google.com/accounts/answer/185839?co=GENIE.Platform%3DDesktop&hl=en#
- Once configured the first time you will be presented with the Two Factor Verification settings page in your account. We suggest the additional steps:
- Add at least one Backup Phone Number – we suggest a central business phone number. If for some reason your phone is unavailable or another team member needs to access your account, they can use this alternative method of verification
- Setup and store the Backup Codes – if your phone is lost, stolen or replaced, you may be locked out of your account. You can use these codes to get back in. We suggest using a password manager app ([contact us] if you don’t have one yet) and storing these in there
- Then find out How you sign in with 2-Step Verification – https://support.google.com/accounts/answer/1085463?hl=en&ref_topic=7189145
Microsoft’s Multi Factor Authentication
Microsoft’s process is still pretty simple, but not quite as friendly as Google. If Multi Factor Authentication is enabled for your account you will be able to see the following web pages and finish the configuration.
- Visit this website for first time Multi Factor Authentication Setup – https://aka.ms/mfasetup (you can also revisit this link at any time to change your configuration)
- Then, visit https://account.activedirectory.windowsazure.com/Proofup.aspx to add additional backup methods of authentication. We suggest adding at least 2-3 methods and noting them inside the business; password manager app (contact us if you don’t have one yet). If you need more guidance for this step follow this link – https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-manage-settings
What happens now
So it’s all setup? Great! Now occasionally when you login to your accounts, you will be asked to provide some extra info to prove it is you. There’s many ways to secure an account, however, this is by far the most important and the starting point to foolproof security for your business systems. Get it setup anywhere that matters and rest easy knowing you’re taking a big step toward avoiding crippling cyber attacks and potential business ending data breaches. As always, any q’s or t’s, get in contact anytime.