It’s Important. Here’s How to Do It
Listen to Podcast
Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Spotify, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
Community IT Training Video:
How To Enroll in Multi-Factor Authentication (MFA) Using Microsoft Authenticator on your Phone
The video above is provided for anyone needing to enroll in Microsoft Authenticator for work or school, and for our clients who are required to use MFA on their Office 365 account at their organization. The links at the end of the video (in case you missed them):
https://communityit.itglue.com/1334576/docs/1378483 A walk through transcript of this video with instructions and illustrations.
https://www.youtube.com/watch?v=uWbkLuI4g30 MFA Microsoft Authenticator video from Microsoft
https://aka.ms/MFASetup This site will prompt you to set up authenticator for your work or school Office 365 account.
How to Enroll in Multi-Factor Authentication if I’m not a Community IT Client or Don’t Use Office 365?
Nonprofit employees and directors often end up with new responsibilities they weren’t exactly trained for, or new procedures required at your organization or by your insurance that you don’t exactly know how to implement. You know that multi-factor authentication MFA is important, but you might not know how to install it on your own devices.
As cybersecurity becomes more and more important for everyone, implementing Two-factor Identification, more commonly called Multi Factor Authentication (MFA) is the one giant step you need to take TODAY. There is no shame in not knowing something, so let us help you.
MFA is simply combining something you KNOW (or your computer knows), usually your password, with something you HAVE, usually your phone. Your phone is sent a unique code via app, text or phone call, which allows you to log into the account or system you want to use.
If you use an ATM card, you already use MFA when combining the card (something you have) and the PIN (something you know). You probably wouldn’t want your account protected by just one or the other. You shouldn’t allow your data to be, either.
How to Implement MFA
First, install an app to receive verification codes on your phone. Google Authenticator is a popular one as are Microsoft Authenticator, 1password, and LastPass. Here is a good list of other options. You will need your smartphone to take a photo of a QR code. The video above shows you how to scan a QR code with your phone, even if you are not using Microsoft Authenticator, at about 6:08 minutes in.
It’s important to make sure your phone is using its automatic clock. If the clock is even one minute off, the verification code may not be accepted. Check under settings:general:date & time.
Second, initiate MFA or Two-factor authentication
For most phone apps,
- tap on the three horizontal lines in the top, right corner of the screen,
- tap on “settings” or a gear icon,
- you may need to further choose “security settings.”
- Select Two-factor authentication.
On a PC,
- check the top, right for an arrow or “account”
- choose “settings.”
- Look for options like “security,” or “privacy”
- Find Multi-factor or Two-factor authentication.
EVERY program you use which has access to any financial or personal information should be protected by MFA.
Your on-line banking accounts, PayPal, Venmo, etc., even FaceBook and Instagram likely have information you wouldn’t want accessed by hackers.
Some frequently used apps, like Instagram and Facebook, will recognize the device you are using and you won’t need to authenticate each time, but anyone logging in from a different device will be stopped and asked to verify.
The EU has been requiring MFA for all online payments since the end of 2020 and for good reason.
MS Office 365 has MFA as a security default. It expects the Microsoft Authenticator app.
“But, it’s a bother and takes too much time to enter a code!”
Eleven seconds. Probably 15 seconds if you keep your phone in your pocket or bag. Trust us. It’s worth it.
Ironically, while writing this article, I received a letter from the company which provides graduation caps, gowns and accessories to my son’s high school. They had a data breach and my credit card info was exposed. They are offering one year of credit monitoring and insurance to each person potentially affected. Sounds expensive for their company. Did they have cybersecurity insurance that will cover the monitoring costs?
Could your nonprofit afford to do that? Is it a good use of your donors’ investment?
You can avoid paying for a breach later by initiating every cybersecurity option you have now. MFA is a very powerful tool and free. It just takes a minute to set it up. And now that you know multi-factor authentication MFA is important for your nonprofits, you also know how to enroll in multi-factor authentication MFA!
[If your particular app is confusing, simply search the name and MFA. There are many free resources here on our website and online.]
Ready to reduce your nonprofit cybersecurity risk?
At Community IT Innovators, we’ve found that many nonprofit organizations deal with more cybersecurity risks than they should have to. As a result, cyber damages are all too common. Whether at a third party vendor or a phishing or ransomware attack on your own organization, you need to be prepared for cybersecurity risks and understand your work and personal security options.
Our process is different. Our techs are nonprofit cybersecurity experts. We constantly research and evaluate new technology solutions to ensure that you get cutting-edge solutions that are tailored to keep your organization secure. We published our Nonprofit Cybersecurity: a Guide for 2020 to help our community understand the issues. And we ensure you get the highest value possible by bringing 20 years of expertise in exclusively serving nonprofits to bear in your environment.
We regularly present webinars at Community IT about cybersecurity issues. And you can contact Matt Eshleman, our CTO and nonprofit cybersecurity expert, for an assessment.
If you’re ready to gain peace of mind about your cybersecurity, let’s talk.