Can I use Username and Passwords only to register and perform Sign-in

We  support authentication using a Microsoft username and password, including OTP (One-Time Passwords), email codes, or SMS verification. However, these methods are not recommended, as they increase exposure to phishing and vishing (voice‑phishing) attacks. They also add extra time and complexity for users during the enrolment and registration process for Cards/Badges and the HP Secure Authentication Mobile App.

We support No MFA Authentication Challenge during standard sign‑in. However, during first‑time user registration or enrolment for Card, BLE, QR Code, or the HP Secure Authentication Mobile App, users are still required to complete a Microsoft login and authentication step.

This requirement applies regardless of whether your authentication method is:

• Username + Password

• Username + Password + OTP

• Username + Microsoft Authenticator Push Notification

Important!

If you choose to disable the MFA authentication challenge, we strongly recommend implementing additional safeguards. When users authenticate using an NFC/Proximity card or our Mobile Badge application, they should enable Biometric Authentication on the mobile app or alternatively use our new Biometric NFC Smart Cards (CypherCard), which include an embedded fingerprint reader for secure verification.

Why this is important:

If a user’s smart card or badge is lost or taken—and it is not protected by biometrics —anyone possessing that card could sign in to a device and gain full access to the user’s email, OneDrive, SharePoint, Teams files, and other corporate resources.

Implementing biometric protection ensures that only the rightful owner can use the card or mobile badge, significantly reducing the risk of unauthorized access.

do I need MFA

do I need to use Microsoft Authenticator

can I use password only 

FAQ