Why use two-factor authentication (2FA) or multi-factor authentication (MFA) with your VPN connection?

What is a VPN?

Virtual private networks (VPNs) have been a popular way for companies to provide their employees remote access to their private servers and network resources. VPNs create secure connections between remote machines and your servers, allowing your users to stay productive when out of the office. VPNs reduce the risk that hackers can find and enter your servers while your employees securely work from home or anywhere for that matter.

While VPNs are great, they are far from a perfect solution and are subject to security threats, such as phishing attacks. For example, an attacker will often send a legitimate-looking email to one of your employees and invite them to log into their account via a link in the email to update their information, pay a bill, or other…. The hacker only has to wait for the unsuspecting employee to enter their username and password. Once in possession of valid credentials, the attacker will be able to connect to your VPN as a legitimate user, gain access to your network, and steal information or cause other types of damage such as deploying ransomware.

How two-factor authentication (2FA) secures your VPN network

Two-factor authentication (2FA) reduces the risk that hackers can access your network using these stolen or compromised credentials. 2FA requires users to validate their identity by presenting a second security factor in addition to their password. When connecting to a corporate network, users must first enter their computer or VPN credentials, followed by a time-based one-time password (TOTP). This TOTP (usually a 6-digit numeric code) is displayed on the user's mobile phone in an application called an authenticator. Google Authenticator and Microsoft Authenticator are two popular and free apps compatible with both iPhone and Android devices.

2FA makes it extremely difficult to impersonate a user without having access to this second factor. This means that even if hackers were to steal all of your employees’ usernames and passwords, they still wouldn’t be able to access your VPN because they don’t have the 2FA code generated in the authenticator app.
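
To make the password-plus-TOTP check described above concrete, here is an added example (not code from this page or from any VPN product) of how a gateway can verify the 6-digit code using the standard TOTP algorithm (RFC 6238). The VpnLogin class, the sample password and the one-step clock-drift window are assumptions made for illustration; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by common authenticator apps


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class VpnLogin:
    """Hypothetical gateway check: password first, then the TOTP code."""

    def __init__(self, password: str, secret: bytes):
        self.password = password  # a real gateway stores a salted hash instead
        self.secret = secret      # shared with the authenticator app at enrollment
        self.last_step = -1       # last accepted time step, blocks code replay

    def authenticate(self, password: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return False
        # Accept the current step and one on either side to tolerate clock drift.
        for drift in (-1, 0, 1):
            step = now // STEP + drift
            if step <= self.last_step:
                continue  # already used (or before time zero): reject replays
            expected = totp(self.secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return True
        return False


# Constructed sample values: RFC 6238 test key and a made-up password.
SECRET = b"12345678901234567890"
PASSWORD = "correct horse battery staple"

if __name__ == "__main__":
    gw = VpnLogin(PASSWORD, SECRET)
    print("password + guessed code:", gw.authenticate(PASSWORD, "000000", 59))
    print("password + valid code:  ", gw.authenticate(PASSWORD, totp(SECRET, 59), 59))
    print("same code replayed:     ", gw.authenticate(PASSWORD, totp(SECRET, 59), 59))
```

A phished password alone fails the second check, and a code that was already accepted is rejected if it is submitted again inside the same 30-second window.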

How can I enable 2FA for my company’s VPN?

Every firewall and network is a little different, and thus the configuration can vary dramatically. If you are interested in securing your network with 2FA, please reach out to TMD Technology Services to assist you in determining the best path forward.

Aside from your VPN, we highly recommend using 2FA on all your important accounts, including email, banking, website and social media.

Set up 2-step verification (MFA) for Office 365

User Instructions to set up 2-step verification for Office 365

To enhance security we will be adding 2-step verification (also called multi-factor authentication or MFA) to our email system. You will have to set up your account to use it.

By setting up 2-step verification, you add an extra layer of security to your Office 365 account. You sign in with your password (step 1) and a code sent to your phone (step 2).

  1. Sign in to Office 365 with your work or school account with your password like you normally do. After you choose Sign in, you’ll see this page:

    First Sign in screen

  2. Choose Set it up now.
  3. Select your authentication method and then follow the prompts on the page. Or, watch the video to learn more.

    Choose your authentication method and then follow the prompts on the screen.

  4. Once you complete the instructions to specify how you want to receive your verification code (we suggest Authentication phone and Send me a code by text message), the next time you sign in to Office 365, you’ll be prompted to enter the code that is sent to you by text message, phone call, etc. To have a new code sent to you, press F5.

    When you sign in with 2-step verification, you'll be prompted for a code.

  5. You’ll get an app password that you can use with Outlook, Apple Mail, your Android or iPhone, etc. Choose the copy icon to copy the password to your clipboard. You won’t need to memorize this password, but be sure to capture it (take a picture or write it down) because you will not have the opportunity to see it again.

    Image of the copy icon to copy the app password to your clipboard.

Next steps

If you’re using other apps like Outlook on your desktop, you’ll need to use this app password, or you can create a new app password, so they can connect to your Office 365 account.