Published 2023-10-15 by TechNet New England
Multi-factor authentication (MFA) adds a second verification step when you sign in. Even if someone steals your password, they cannot access your account without the second factor. MFA is the single most effective thing you can do to protect your accounts. Microsoft reports that MFA blocks 99.9% of account compromise attacks. ## How MFA Works When you sign in with MFA enabled: 1. You enter your username and password (the first factor: something you know). 2. You are prompted for a second verification (the second factor: something you have). 3. The second factor is usually a push notification on your phone, a code from an authenticator app, or a text message. ## Setting Up MFA for Microsoft 365 ### Install the Authenticator App 1. On your phone, download **Microsoft Authenticator** from the App Store (iPhone) or Google Play Store (Android). 2. Open the app. ### Enable MFA on Your Account 1. Go to [mysignins.microsoft.com/security-info](https://mysignins.microsoft.com/security-info) in a web browser. 2. Sign in with your Microsoft 365 email and password. 3. Click **Add sign-in method**. 4. Select **Authenticator app** and click **Add**. 5. Follow the prompts to link the app: Open the Authenticator app on your phone. Tap the "+" button and select "Work or school account." Scan the QR code shown on your computer screen. 6. Once linked, you will receive a test notification on your phone. Approve it. 7. MFA is now active. The next time you sign in from a new device or browser, you will need to approve the sign-in from your phone. ## Setting Up MFA for Google Workspace 1. Go to [myaccount.google.com/security](https://myaccount.google.com/security). 2. Sign in with your Google account. 3. Under "How you sign in to Google," click **2-Step Verification**. 4. Click **Get Started**. 5. Google will guide you through setup. Options include: **Google Prompts**: A push notification on your Android phone or iPhone with the Gmail app. **Authenticator app**: Use Google Authenticator or any TOTP authenticator app. Scan the QR code. **Text message or phone call**: Less secure but available as a backup. **Security key**: A physical USB key (like a YubiKey) for the highest security. 6. Choose your preferred method and complete setup. ## Using an Authenticator App (General) For other services that support MFA (Dropbox, Salesforce, QuickBooks, banking, social media), the process is similar: 1. Go to the account's security settings. 2. Look for "Two-factor authentication" or "Multi-factor authentication." 3. Select "Authenticator app." 4. Open your authenticator app (Microsoft Authenticator, Google Authenticator, Authy, or 1Password). 5. Scan the QR code. 6. Enter the 6-digit code from the app to verify. 7. Save the backup codes provided. Store them somewhere safe. These are your recovery method if you lose access to your phone. ## Important: Save Your Backup Codes When you enable MFA, most services provide one-time backup codes. These let you sign in if you lose your phone or cannot access the authenticator app. Print them or save them in a secure location (like a password manager). Do not save them in your email, because if your email is compromised, the attacker would have your backup codes. ## What If You Lose Your Phone? If you lose your phone or get a new one: **Microsoft Authenticator**: Sign in at mysignins.microsoft.com from a trusted device, remove the old phone, and add the new one. Or use a backup code. **Google**: Use a backup code to sign in, then set up MFA again on the new phone. **Other services**: Use backup codes, or contact the service's support team to verify your identity and reset MFA. ## When Your Organization Requires MFA If your IT provider enables MFA for your organization, you will be prompted to set it up at your next sign-in. Follow the on-screen instructions. If you need help, contact your IT help desk. Do not delay setting up MFA when prompted. It protects your account and your organization's data.