I recently went through forcing all users of Office365 to turn on multi-factor authentication. There was a bit of ‘friction’ but once it’s turned on the device(s) you have authenticated from become part of the security setup so you don’t have to worry about constantly finding that RSA token (which is what I have to do for other clients that have a more ‘traditional’ approach)…:
[…] The head of Cyber Security NSW, Tony Chapman, told Guardian Australia that multi-factor authentication could have prevented the majority of the incidents occurring in NSW government agencies last year.
“My team last year had determined that 61% of incidents reported to Cyber Security NSW would have been prevented if multi-factor authentication was in place,” he said. “So you can imagine it’s a key driver for me to educate across the sector.”