To improve security we are promoting the use of multiple factor authentication (MFA) on EPO accounts. Normally this consists of a password and the Microsoft Authenticator on the mobile phone, but make sure you add more verification options as described below.
This is also the recommended process when changing phones, add a new extra authentication method before changing phones.
Some colleagues already have MFA enabled to access applications where MFA is mandatory. However it is advised to enable MFA also when it is not demanded during login, this to improve security and avoid access problems when you forget the password.
There are many options to verify your identity during the login dialog. Please note the important advantage of having more than one option enabled for MFA. This enables you to still access your account when something happens to for example your mobile phone or when you forget your password.
Login on https://mysignins.microsoft.com/security-info to add new verification options. For example:
- A mobile or landline phone number (voice or text)
- Microsoft Authenticator
- General authenticator apps e.g. WinOTP or Google Authenticator
- USB security keys
- An alternate email address (Only for access recovery)
Please note more than one of the same option is allowed. For example Microsoft Authenticator can be activated on two different phones.