When we’re talking to nonprofits and other small businesses about how to make the most of M365 cloud services and acronyms like SSO and MFA start flying around, I can practically see eyes glaze over. Really, these features sound much more complicated than they are.
Single Sign-On (SSO)
Have you ever registered for a website using your personal email? Maybe you’ve chosen the “Login with Facebook” option on a popular site you use. Why do we choose this option? So you don’t have to remember a different username and password for every site you use. This is a form of Single Sign-On, or SSO: put simply, logging in to multiple sites (or services) with one account that all of those sites trust.
When it comes to Microsoft 365 cloud services, SSO means you log in to your email in Outlook, your company intranet in SharePoint, and Office applications like Word, PowerPoint, and Excel with the same account: one username, one password, one sign-in. Behind the scenes that account lives in Microsoft Entra ID (formerly Azure Active Directory), which is also where the protections below are switched on.
Naturally, this “one password to rule them all” is a security risk in itself. If someone has the password to your Single Sign-On account, they can reach every site, application, and service attached to that account; one stolen password unlocks everything. To help combat this, there’s MFA.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication, or MFA, also sounds really fancy, but it just means proving who you are with something in addition to your password: usually something you have (a phone running an authenticator app, or a hardware security key) or something you are (a fingerprint or your face). A familiar example is a one-time code sent to you by text message or email, or a prompt in the Microsoft Authenticator app, that you must enter or approve before the sign-in completes. Codes delivered by text or email are the weakest of these options, because they can be intercepted or phished; an app prompt with number matching or a security key is stronger.
When MFA is enabled, anyone who signs in with your SSO username and password is also asked for that second factor before they get in. This matters most when your password is exposed in a breach, guessed, or phished: with MFA enabled, someone holding your correct password still cannot access your account unless they also control your other verification method.
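For a Microsoft 365 tenant, the usual way to turn on that second prompt for everyone is a Conditional Access policy in Microsoft Entra ID. The PowerShell below is an added example written for this post, not code from Microsoft or from Additional Pylons. It uses the Microsoft Graph PowerShell SDK, and the excluded account ID is a placeholder you would replace with the object ID of your own emergency-access (“break glass”) account.

```powershell
# Added example: require MFA for every user in a Microsoft 365 tenant
# with a Microsoft Entra Conditional Access policy, via the Graph PowerShell SDK.
# One-time setup: Install-Module Microsoft.Graph
# Sign in as a Global Administrator or Conditional Access Administrator.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder (assumption): object ID of your emergency-access account.
# Exclude it so a broken phone or authenticator can never lock every admin out.
$breakGlassAccountId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Require MFA for all users"
    # Start in report-only mode: sign-ins are evaluated and logged but not blocked.
    # Change to "enabled" after reviewing the sign-in logs for a few days.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassAccountId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Check the result: the policy exists, targets all users, and requires MFA.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ Name = "Users";    Expression = { $_.Conditions.Users.IncludeUsers -join "," } },
        @{ Name = "Controls"; Expression = { $_.GrantControls.BuiltInControls -join "," } }
```

Conditional Access requires a Microsoft Entra ID P1 license (included in Microsoft 365 Business Premium). Tenants without it can turn on Security Defaults instead, which also requires every user to register for MFA but offers no per-policy control such as the break-glass exclusion above.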
It is also important to use a different password for your SSO account and for any email address that receives your verification codes or password-reset links. If the same password opens both, an attacker who has it can simply read the code out of your inbox, and your “second factor” is no longer independent of the first. The same goes for other alternate methods: keep the phone or authenticator app that receives your prompts locked and under your control.
Some services add further measures: requiring more than two factors for especially sensitive actions, expiring sessions so that everyone has to sign in again after a set period of time, or locking an account after a number of failed sign-in attempts so that a password cannot be guessed by trial and error.
Thanks for reading, we hope you’ll check out the other posts on our blog and visit our site to learn more about our services and the nonprofits and social impact small businesses we serve.
Additional Pylons is a veteran-owned consulting firm helping nonprofits and social impact focused small businesses build accessible intranets by leveraging the power of Microsoft 365 cloud services like Office, SharePoint, and Teams.
Check out our blog for tips on building your own intranet, or contact us to consult Additional Pylons!