Usernames and passwords are an example of single-factor authentication – a password is something a user knows. Once the password is known to an attacker, it’s very easy for them to exploit the account.
Multi-factor authentication combines something the user knows with something they have or are (i.e. biometric data).
Microsoft’s MFA service utilises the concept of the user having a registered phone, through which they can receive a call, text or notification for a second authentication step after entering their username and password. If an attacker attempts to log in with a stolen password, they won’t be able to log in without the user being notified – and the user can then report the attempt as a fraudulent login directly to IT.
Azure Multi-Factor Authentication Overview
Watch this video to see how the service works and how it is enabled for both on-premises applications and directories as well as cloud applications that use Windows Azure Active Directory.