Entra MFA

Last updated:

AZURE ENTRA
  1. Passwords on their own are bad
  2. MFA combines 2 or more factors from [[202404011414 Authentication and Authorization]]:
    1. Something I know
    2. Something I have
    3. Something I am
  3. Examples:
    1. Password + SMS/Phone
    2. Password + Auth app
  4. Prompt sparingly; otherwise approving becomes muscle memory and users stop reading the message and keep saying yes
  5. Requires a P1 license, or use Security defaults (ideally you want to use Conditional Access if you don’t have P1), or global admin

Authentication context and number matching

  1. In the auth app, it shows the sign-in location and asks the user to enter the number
  2. Not proof against phishing attacks

Phishing resistant

Provided by the machine, so considered phishing resistant

  1. Hello for Business
  2. FIDO2
  3. CBA (certificate-based authentication)

Passwordless

The 3 above + MFA app.
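
The factor counting and the tiers from these notes, as an added example (not part of the original notes and not Microsoft's code). The method labels and sample sign-ins are constructed, and modelling the local PIN/biometric unlock of device-bound methods as a second factor is an assumption.

```python
# Added example: method labels and sample sign-ins are constructed.
KNOW, HAVE, AM = "I know", "I have", "I am"

# Factor categories each method proves on its own. The device-bound methods
# hold a key on the device and unlock it with a PIN or biometric; that local
# unlock is modelled as KNOW here (assumption; a biometric would be AM).
FACTORS = {
    "password": {KNOW},
    "sms": {HAVE},
    "auth_app_push": {HAVE},            # approval with number matching
    "auth_app_passwordless": {HAVE, KNOW},
    "hello_for_business": {HAVE, KNOW},
    "fido2": {HAVE, KNOW},
    "cba": {HAVE, KNOW},
}
PHISHING_RESISTANT = {"hello_for_business", "fido2", "cba"}
PASSWORDLESS = PHISHING_RESISTANT | {"auth_app_passwordless"}


def classify(methods):
    """Return the strongest tier a sign-in using `methods` qualifies for."""
    methods = set(methods)
    unknown = methods.difference(FACTORS)
    if unknown:
        raise ValueError(f"unknown method(s): {sorted(unknown)}")
    categories = set().union(*(FACTORS[m] for m in methods))
    if len(categories) < 2:
        return "single-factor"          # two methods of one category do not count
    if methods <= PHISHING_RESISTANT:
        return "phishing-resistant"
    if methods <= PASSWORDLESS:
        return "passwordless"
    return "mfa"                        # 2+ categories, but a phishable path


if __name__ == "__main__":
    samples = [  # constructed sign-ins
        ["password"], ["password", "sms"], ["sms", "auth_app_push"],
        ["password", "auth_app_push"], ["auth_app_passwordless"], ["fido2"],
    ]
    for s in samples:
        print(f"{' + '.join(s):32} -> {classify(s)}")
```
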

Temporary access pass

For new users/to bootstrap onboarding

