Exam: AZ-900: Microsoft Azure Fundamentals 0 Likes
Are two valid methods for Azure Multi-Factor authentication picture (AZ-900)
A team is currently planning on using Azure for hosting resources. They are going to create users which would have access to the Azure resources. The want to implement Multi-Factor authentication for the users.
Are two valid methods for Azure Multi-Factor authentication picture identification and entering a passport number.
A) Yes.
B) No.
Solution
Correct answer: B) No.
Picture identification and entering a passport number are not valid methods for Azure Multi-Factor Authentication (MFA). While these might seem like secure options, they have significant drawbacks:
Security concerns:
Picture identification: Easily forgeable or stolen, doesn't provide real-time verification, and vulnerable to social engineering attacks.
Passport number: Sensitive personal information that should not be stored in Azure for authentication purposes. Sharing passport details poses identity theft risks.
Usability considerations:
Impractical: Entering passport numbers repeatedly would be cumbersome for users.
Limited reach: Not everyone has a passport, which could exclude some users from accessing necessary resources.
Instead, Azure MFA supports several secure and user-friendly methods:
Phone calls or text messages: Sending a one-time code to the user's registered phone number.
Authenticator apps: Using a mobile app like Google Authenticator or Microsoft Authenticator to generate one-time codes.
Security keys: Physical devices like FIDO keys that provide hardware-based verification.
These methods offer better security and user experience compared to picture identification and passport numbers.
Additionally, Azure MFA allows for granular control over which authentication methods are used for different users or scenarios. This flexibility enables organizations to strike a balance between security and convenience based on their specific needs.
Remember, Azure MFA is designed to add an extra layer of security to the login process, beyond just passwords. Using robust and accessible methods is crucial for protecting your Azure resources and user accounts.
Category: Azure management and governance