MFA Options Ranked from Most Secure to Least Secure

1. USB Hardware Token 

At the top of the list is using a USB hardware token. These specialized hardware tokens generate a unique code that is released only when you enter your username and password correctly, then physically touching the device. These keys are considered the easiest to use and most secure MFA method. 

How to setup a Yubico Key

2. Microsoft Authenticator App (BITS Recommended)

Like the token, a person must have physical access to the device using the app. It can either generate One Time Pins (OTP) or it can do one touch sign in confirmations. The Microsoft Authenticator app is one of the easiest to use option and it's also more secure than most other methods. BITS recommends that all campus members use this option to access their accounts.

3. 3rd Party Authenticator Apps

Like the Microsoft Authenticator App, 3rd Party apps are also capable of generating One Time Pins (OTP) as a second factor for verification. Unfortunately, they lack full integration into the Microsoft Cloud authentication, so they will only do the pin code and not one touch or any other Microsoft specific features.

4. SMS Text Message

Near the bottom of the list are text messages to phones. Cell phone providers have frequently failed to secure the digital identities of cell phones on their networks. So, it is possible for a malicious person to copy the cell phone identity of another user to receive their phone calls and text messages. That is problematic for identity proofing because it's possible for any one to receive the OTPs meant to prove the identity of another person.

Change your two-step verification method and settings

5. Phone Call

At the absolute bottom is the phone call verification. It has all the same flaws as the text message to people's phones. It is possible for someone other than the intended person to receive their phone calls. Additionally, the phone call method only requires that a user press the # key to confirm. There have been several cases where users were confused or in a hurry and entered the # key without thinking. Then malicious people had access to their accounts.

Change your two-step verification method and settings 

Still Need Help?

If you need further assistance, please submit a ticket here: I Need Help, or call the IT Service Desk at (585) 395-5151 Option 1.