
Commonly Asked Questions About 2FA

This blog is part of our cybersecurity basics series which you can read here.

Digital security is more important than ever. As cyber-attacks become more sophisticated, it’s essential to take steps to protect our online accounts and personal information, especially in Microsoft 365.

We have encouraged our customers to enable two-factor authentication (2FA) – a powerful tool that can help prevent unauthorised access to your Microsoft 365 account. 

Naturally, many of our customers still have questions about how 2FA works and whether it’s really necessary.  

In this blog, we’ll answer some of the most commonly asked questions about 2FA and help you understand how it can enhance your online security.

Q. How does the login process change when using 2FA?

A. When you enable 2FA on your Microsoft account, you essentially add one extra step to the login process. This means you’ll need to enter a One Time Passcode (OTP) in addition to your email address and password. 2FA adds very little to the amount of time it takes to sign in.

Q. Once 2FA is enabled, do I have to enter a 2FA code every time I open a Microsoft app?

A. No. Once you enable two-factor authentication (2FA) for your Microsoft account, you will need to enter a 2FA code only when you sign in to a new device or app for the first time. After that, Microsoft will remember the device and you won’t have to enter a 2FA code again unless you sign out of the app or clear your browser’s cookies. This means that if you frequently use a particular device or app to access your Microsoft account, you may not need to enter a 2FA code very often.

Q. Which form of 2FA is more secure? SMS, email or authenticator app?

A. Each verification method has its advantages and disadvantages.

Overall, it is your choice how you balance ease of use and security, but any form of 2FA is better than none!

| Method | Advantages | Disadvantages |
|---|---|---|
| SMS | Quick and easy. Many phones autofill SMS codes. | Could be susceptible to SIM jacking or SIM swapping. |
| Email | 2FA codes are typically delivered very quickly by email. | If 2FA isn’t enabled on your email account, your emails may be vulnerable, as will your code. Also, 2FA emails sometimes get caught up in spam filters. |
| Authenticator App | Code is time-based and stored locally on device. This means a hacker would need to physically have your phone. | If you lose or break your device, you may experience difficulty logging in until you set the app up on your new device. |

*When using the Microsoft Authenticator app with Microsoft 365, there’s an option for ‘passwordless sign-in’, enabling you to authorise logins via the app.

Q. What do I do if I receive a code that I didn’t request?

A. If you receive a code that you didn’t request, it means that someone has attempted to sign in to your account. If this happens, it’s important that you follow these steps:

  • Do not share your code with anyone
  • Do not click ‘approve login’ if you use the authenticator app
  • Change your account password immediately
  • If we provide your IT support, let a member of our team know

Q. What happens if I lose access to my phone or 2FA method?

A. If you lose access to your method of verification, some applications don’t have a recovery method. This can pose a serious issue and you could be locked out of your account permanently. Luckily, Microsoft 365 has an account recovery procedure, which will enable you to regain access to your account. As your IT support provider, we can reset your MFA verification method from our backend.

Q. What else can I do to secure my account?

A. Besides enabling 2FA, a strong password is essential to protect your Microsoft account. It’s important to remember that your password is your first method of defence against a breach.

How to choose a secure password

Are You Looking to Enable 2FA?

We hope this blog post has helped you understand 2FA in a little more detail. If you’d like to learn more about enabling 2FA across your organisation’s Microsoft 365 accounts, get in touch with our friendly team via info@systemagic.co.uk or give us a call on 01225 426800 to discuss a project.  
