Azure 多重身份验证的工作原理How Azure Multi-Factor Authentication works

双重验证的安全性在于其分层方法。The security of two-step verification lies in its layered approach. 破坏多因素身份验证系统对于攻击者来说是巨大的挑战。Compromising multiple authentication factors presents a significant challenge for attackers. 即使攻击者设法得到用户的密码,如果没有同时占有可信设备也没有用处。Even if an attacker manages to learn the user's password, it is useless without also having possession of the trusted device.

验证

Azure Multi-Factor Authentication 可帮助保护对数据和应用程序的访问,同时可以满足用户对简单登录过程的需求。Azure Multi-Factor Authentication helps safeguard access to data and applications while meeting user demand for a simple sign-in process. 它通过要求第二种形式的身份验证提供额外的安全性,并通过一系列简单的身份验证选项提供增强式身份验证。It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy verification options.

可用于双重验证的方法Methods available for two-step verification

当用户登录时,系统会将额外的身份验证发送给该用户。When a user signs in, an additional verification is sent to the user. 以下是可用于这种二次身份验证的方法列表。The following are a list of methods that can be used for this second verification.

验证方法Verification Method 说明Description
电话呼叫Phone call 致电用户已注册的电话号码。A call is placed to a user's registered phone. 用户在必要时输入 PIN,再按 # 键。The user enters a PIN if necessary then presses the # key.
短信Text message 向用户的移动电话发送包含 6 位数验证码的短信。A text message is sent to a user's mobile phone with a six-digit code. 用户在登录页上输入此验证码。The user enters this code on the sign-in page.
移动应用通知Mobile app notification 向用户的智能手机发送验证请求。A verification request is sent to a user's smart phone. 用户在必要时输入 PIN,再在移动应用上选择“验证”。The user enters a PIN if necessary then selects Verify on the mobile app.
移动应用验证码Mobile app verification code 在用户智能手机上运行的移动应用将显示验证码,每 30 秒更改一次。The mobile app, which is running on a user's smart phone, displays a verification code that changes every 30 seconds. 找到最新验证码后,用户在登录页上输入验证码。The user finds the most recent code and enters it on the sign-in page.

Azure 多重身份验证为云和服务器提供了可选择的验证方法。Azure Multi-Factor Authentication provides selectable verification methods for both cloud and server. 可以选择对用户使用哪些方法:电话呼叫、短信、应用通知还是应用验证码。You can choose which methods are available for your users: phone call, text, app notification, or app codes. 有关更多信息,请参阅可选择的验证方法For more information, see selectable verification methods.

后续步骤Next steps