The primary objective of Multi-Factor Authentication (MFA) is to reduce the risk of account takeovers and provide additional security for our users and their accounts. Since over 80% of cyber breaches happen due to weak or stolen passwords, MFA can provide added layers of security necessary to protect users and their data.

So, you may be wondering…

What is MFA?

When you sign into our Tingdene Group Tech systems - a process we call "authentication" provides a proving service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately, that's not a very good way to do it as usernames are often easy to discover by modern day hackers and external personnel trying to gain unauthorised access to our servers.

With MFA, when you sign into the account for the first time on a new device or app (like a web browser) we now require more than just a username and password. What you will need is what we call a second "factor" - to provide an additional means to authorise your access.

How will MFA work for you?

Let's say you're going to sign into your work account, and you enter your username and password. If that's all you need then anybody who knows your username and password can sign in as you from anywhere in the world!

But if you have MFA enabled, the first time you sign in on a device or app you are required to:

  • enter your username and password (as per usual); and

  • you will get prompted via a mobile app (or other method, see further information below) to enter your second factor to verify your identity.

If somebody else tries to sign in as you, and they have knowledge of your username and password, when they get prompted for that second factor and line of secure authentication, they will not be able to gain access. Unless they also have your smartphone, they have no way of completing the sign-in process.

Why are we implementing MFA across the Tingdene Group?

Primarily, security.

Unbelievably, passwords are a weak form of security.

Historically you would have needed to set a password with a minimum of eight characters, upper and lowercase letters, numbers, and special characters to ensure a password is complex enough not to be guessed by an attacker or bot.

Because MFA requires you to authorise your login via a device that you have set up and have in your possession, security is improved because a bad actor trying to login with your stolen password would not gain access without you first authorizing that login.

We also have a responsibility to you, our customers, and our colleagues to ensure there is negligible risk against data breaches and malicious hacks \ attacks. MFA means we can stop them at the door.

Cyber insurance now also dictates that MFA is a requirement for outside workers; without MFA our home-working offering would invalidate our insurance.

How will this impact me day to day?

When working on one of our 52 site locations, you will not be prompted for MFA. We have authorised our locations as not to impact day to day operations.

If working from home or another (non-office) location, you will be asked to use MFA to establish your VPN connection, and occasionally to authenticate your Office 365 services such as email, Teams and OneDrive.

The easiest method of authentication is to use the Microsoft Authenticator app, as this will prompt you to approve the sign-in request without having to enter any codes and further passwords. Other options are available (further outlined below); however, they are not as easy to navigate.

What if I do not have a company mobile?

If you do not work from home / remotely:
This is no issue, simply enter the Tech Team mobile number (07984448314) as your authentication option. And the Tech Team phone line (01933 449077) as your phone number option. All colleagues are required to set-up MFA; therefore, the details above will allow you to contact us should codes be required for any reason.  You will need to contact support when registering for MFA.

If you work from home / remotely:
We encourage you to install the Microsoft Authenticator app on your personal mobile.

If you do not wish to install the authenticator app, upon set-up you can choose either of the following options:

  • Receive SMS code for entry.

  • Receive phone call with a code for entry.

What if my battery is flat or my phone broken?

Not an issue, please contact the Tech Team and we can issue you a temporary bypass code to get authenticated.

What if there is no available signal?

The MFA app does not require a mobile signal, only internet (WiFi).  If you choose SMS, then this will require a mobile signal to work. The ‘call you’ option will only work if you have mobile signal or have WiFi calling enabled with a WiFi / internet connection.

Are you being prompted to authenticate in the office?

If this occurs, please submit a request to the Tech Team asking us to check your location is “Trusted”.

Lastly, we have provided you with a setup & user guide, this will show you step by step how to set up this new feature as seamless as possible.

Setup Guide

The following options are available for authentication using our new MFA solution:

  • Microsoft Authenticator App

  • SMS

  • Phone Call

  • Email (to an external email address)

Each of the above signup methods varies slightly, however the general concept is the same. Please follow the following steps to setup MFA authentication:

  1. Visit https://aka.ms/mfasetup to begin enrollment.

We recommend doing this step via a PC, laptop, or device other than the mobile device you use to use for authentication.

  1. Sign-in with your company email address and normal Tech password.

  2. Select your preferred authentication method to begin enrollment.

Follow the on-screen prompts ensuring you have access to each of the authentication options you wish to set up.

  1. During the registration process you will be sent a notification or message to verify that method.

  2. Complete, your MFA is now activated and ready for use.

  3. You can repeat this process to add other / more methods allowing for other options should your primary verification option be unavailable.

User Guide

To experience and/or test MFA, or to change your MFA verification options, you can visit https://aka.ms/mfasetup any time.

As this link is used to access your account, MFA will be triggered regardless of your location.

The sign-in process generally uses the following flow:

1. When accessing a secured service, you will be prompted to complete the usual Microsoft sign-in with your email address and main tech systems password.

a. In some cases, this will happen automatically when logged in to a workstation using the same account.

2. You will be prompted to approve the sign-in via your chosen authentication method, select “I can’t use this method right now” if your device or option is not available.

3. If using the Microsoft Authenticator app for example, the below prompt, or similar should appear on your mobile device:

4. Upon approval you will be taken to the system you were logging in to.

There are slight variations to the above flow depending on how you choose to authenticate, however, it is generally the same process.

If you have any additional questions, please feel free to contact our friendly Tech Team.

Thank you.