Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Hackers Attack the Weakest Link in Office 365

June 12, 2019

The recommendation is to always enable multi-factor authentication (MFA) wherever it is available. Many services and applications now have two-factor authentication (2FA) available for authenticating a logon. It may be in the form of a text message code or verification via an authentication app such as Google Authenticator or Duo. Microsoft even recommends enabling MFA for all Office 365 users. In fact, enabling MFA gets you the most points towards your Microsoft Secure Score. So if you’re an Office 365 user, enabling MFA is a good thing.

But don’t stop there. The bad guys can still compromise your account if you don’t disable basic authentication. In other words, they will attack the weakest link. Think of it as a backdoor to your account. CSO has a great post on how to disable basic authentication. Be careful, though, before you disable it. You may have other services that rely on basic authentication and are not ready to be restricted to modern authentication. For example, the native iPhone mail application still relies on basic authentication. MFA is still a great thing, but don’t forget to shut down the other authentication methods if they are not needed.
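Before disabling basic authentication, it helps to know which accounts still sign in with it. The following is an added example, not code from this post or the CSO article: it assumes sign-in records that use the Azure AD sign-in log field names `userPrincipalName`, `clientAppUsed` and `status.errorCode`, counts any client app other than the two modern values as basic authentication, and runs on constructed sample data.

```python
from collections import defaultdict

# Constructed sample records. Assumption: field names follow the Azure AD
# sign-in log export (userPrincipalName, clientAppUsed, status.errorCode).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
    {"userPrincipalName": "Alice@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 50126}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 50126}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
]

# Assumption: these two values mark modern authentication; every other
# client app value is counted as basic (legacy) authentication.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}


def legacy_auth_inventory(records):
    """Return {user: {client_app: {"success": n, "failure": n}}} for basic-auth sign-ins."""
    inventory = defaultdict(lambda: defaultdict(lambda: {"success": 0, "failure": 0}))
    for rec in records:
        app = rec.get("clientAppUsed") or "Unknown"  # missing value: keep for review
        if app in MODERN_CLIENTS:
            continue
        # errorCode 0 means the sign-in succeeded; anything else is a failure.
        outcome = "success" if rec.get("status", {}).get("errorCode") == 0 else "failure"
        inventory[rec["userPrincipalName"].lower()][app][outcome] += 1
    return {user: dict(apps) for user, apps in inventory.items()}


def triage(inventory):
    """Split users into (dependent, probed) lists, each sorted by name.

    dependent: at least one successful basic-auth sign-in. Either a client that
               will break when basic auth is disabled, or a sign-in that skipped MFA.
    probed:    only failed basic-auth attempts, so nothing legitimate relies on it.
    """
    dependent, probed = [], []
    for user, apps in sorted(inventory.items()):
        succeeded = any(counts["success"] for counts in apps.values())
        (dependent if succeeded else probed).append(user)
    return dependent, probed


if __name__ == "__main__":
    dependent, probed = triage(legacy_auth_inventory(SAMPLE_SIGNINS))
    print("Review before disabling basic auth:", dependent)
    print("Failed basic-auth attempts only:", probed)
```

Accounts in the first list need a client migration or an investigation before the change; accounts in the second list lose nothing when basic authentication is switched off.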

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com