Multi-factor authentication is a technology that improves your account security by relying on more than a password to access your account. With multi-factor authentication (MFA, sometimes called 2FA), logins from unrecognized computers or locations will be stopped unless the user provides additional proof that they are the owner of the account. In addition to "something you know" (a password), these different pieces could be:
Something you have: a recognized phone, computer, or security stick
Something about your location: a recognized location, like a Gravis Law office
Something about you: such as your fingerprint
Microsoft made a video describing MFA and how to get started:
Why is Gravis Law rolling out MFA?
While using longer passwords and passwords unique to Gravis Law all help protect your account, they are still a single point of failure. An estimated 1% of all email messages sent daily are phishing attempts - a method where a hacker tries to trick you into sending your password to the user. By requiring a second (or third) method to verify an account, a compromised password alone cannot give access to your account or sensitive data.
Why wasn't MFA rolled out before?
MFA has been used by the Technology & Innovation department for several months, but Acuity (used by all attorneys for scheduling) claimed to be incompatible with MFA. Upon further research, this problem was resolved by a 3rd party vendor a few months ago, but the Acuity documentation and support desk were not yet updated. T&I is doing a phased rollout to make sure there are no compatibility problems with our systems.
Anticipated Rollout Schedule:
Technology
& Innovation Department – DONE
Sensitive
Data Users without Acuity (Finance, HR) – Wednesday, June 24th
Senior
Leadership Team, all new employees hired after this date – Friday, June 26th
Pilot
Office (Location TBD) – Wednesday, July 1st
Rest
of Organization – Wednesday, July 8th
What will I need to use MFA?
At Gravis Law, we're using a smartphone program called Microsoft Authenticator. Once you install this program on your phone, you'll register the app with your account. Once registered, you'll be able to approve logins from in the app.
Will Gravis Law be able to track, modify, or remotely wipe my phone?
Nope! While the program will communicate with Microsoft to verify your phone is still registered, it does not share your location or phone information with Gravis Law. The application does not have the ability to wipe your phone. While the app does ask to use your camera, this is only to quickly scan the QR code when registering your account. Once it's registered, it will not use the camera for anything else.
What if I don't want to install the Microsoft Authenticator?
If you have Google's authentication tool, or another that generates One Time Codes (OTC), you can often register that instead. Using these applications will require you to type in the six digit code instead of tapping to approve, so they take extra effort. If you don't feel comfortable installing the Microsoft Authenticator app, or do not have a compatible smartphone, you can register your phone to receive text message codes when needed. You'll then type the six digit code into the login page to complete the login. Note: text messages for MFA are less secure than the Authenticator app, as crafty hackers have found ways to trick cell phone companies into swapping your cell phone number with theirs to access the account.
I lost, broke, or had my device stolen. What do I do?
If your smartphone or security token is ever lost or stolen, please contact Mark Zocher right away (24/7) so he can disable that device from logging in. If you are just replacing your phone or want to register a new device, you can visit https://aka.ms/mysecurityinfo to add/remove multi-factor authentication devices.
What can I access with my Microsoft account?
Your Microsoft account is your primary account with Gravis Law. It's used for the following:
Overview After feedback on matter tracking, we have added a “Time Working Old AR” page to the Attorney Productivity Dashboard. This page will track hours spent on matters where you are the Primary Attorney, and the matter has “Old AR” (where there ...
This email was sent to the organization on 4/9/2020 to clarify videoconferencing tools: -------------------------------------------------------------------------------------------- As the world has flocked to online tools to replace in-person ...
If you set up Acuity before February 2020, you will likely need to update your account. By following these steps, you'll make sure that Acuity is properly synchronizing your calendar with your Office 365 account. Log in to Acuity ...
An employee shall not take Gravis Law’s computer systems (which includes, but is not limited to laptops, cellphones, etc.) outside of the United States without advance written authorization from both his/her (1) manager and (2) the Technology & ...
You can set the working hours and location for your Outlook calendar by following this link: https://outlook.office.com/calendar/options/calendar/workSchedule For a while now, Outlook has had the ability for you to add your working hours to your ...