Today it is necessary, and I would argue crucial, to use multifactor (MFA) or 2-factor (2FA) authentication on important resources that you access such as banking sites or email.  Most of you probably have the Microsoft Authenticator app or Google Authenticator on your phone with a 30 second countdown changing code that you have to enter as a second measure of security.  This second step is very effective against hacking and unauthorized access to sensitive information.  In the cybersecurity world, the use of these measures is necessary, but you still have to be vigilant.

Something we have seen an uptick on is what we consider a fake authenticator app which is likely available as an app download on your phone.  There have been outright malicious ones that have been removed from the app stores, but I’m writing today about one in particular that we have seen on client phones more and more recently.  It’s easy enough to download the wrong one as you can see in the following image.  Searching on “authenticator” as of this writing puts the wrong one at the top of the list, which is unsettling. From what we can gather, it has ads and may even ask you to pay for it.  It may only work with M365 and not many other apps that the real Microsoft Authenticator can accommodate.  The real Microsoft Authenticator is both free and does not have ads.

We created a public facing document to make this even easier for our clients.  Just click this link and there are 4 different QR codes that you can use to install the correct app.  Two are Authenticator apps and two are Outlook apps which we recommend for your email (Apple & Android versions).  Feel free to share with others, and I won’t be offended if you contact us to make sure it’s really me offering up a link.  You can never be too sure, and better to be safe than sorry.