Security Advisor

Microsoft Adding Two-Factor Authentication for Outlook.com

Looks like Microsoft will be adding another layer of security to its account system with the introduction of a new two-factor authentication system.

According to LiveSide, those customers that opt in for the new service will be prompted to enter a randomly generated password (along with your account password) by a mobile Authenticator app.

As with Google's similar security authentication, the mobile code will refresh frequently, so make sure to keep your phone handy when logging in.

While Microsoft is staying tight-lipped on the specific details of its new authentication system, including all the services this is getting rolled out to, the companion mobile app is already available  in the Windows Store, and gives us the most insight we're going to get on the process in the app description:

"The Authenticator app generates security codes you can use to help keep your Microsoft account secure. You can add your Microsoft account to the app by scanning a barcode or by manually entering a secret key. The app implements industry-standard security code generation and may also work with other services and providers."

One headache of this new process is that linked accounts will have to be unlinked and then linked again before the mobile authentication step can be taken advantage of. Also, what happens if you forget to grab your phone as you walk out the door in the morning? Looks like you'll be without access to your Microsoft account if it decides to generate a new code.

However, the benefits heavily outweigh the minor inconvenience that comes with implementing the second security step. It'll be quite a bit harder for attackers, who now will have to steal both your login credentials and your mobile phone if they want to gain access to your account.  

In fact, adding this second step could drastically lower the chance of account hijacking. So why doesn't every online service provider already have a similar system in place? Sophos security advisor Chester Wisniewsk agrees, speaking out vocally on the issue of two-factor authentication after last month's major Twitter breach.

"It is high time Twitter implement something to augment account security," said Wisniewski. "Two-factor authentication would be a great option for protecting high-profile brands, celebrities and those who simply want that extra layer of security for their online identity."

For those who like to keep up with what Microsoft likes to pull the checkbook out for, the news of this new authentication system should not exactly be a suprise. Last October I reported on the Microsoft acquisition of the authentication company PhoneFactor and Microsoft's commitment to bringing the technology to many of its products and services.

"The acquisition of PhoneFactor will help Microsoft bring effective and easy-to-use multifactor authentication to our cloud services and on-premises applications," said Bharat Shah, corporate vice president, Server and Tools Division for Microsoft. "In addition, PhoneFactor's solutions will help Microsoft customers, partners and developers enhance the security of almost any authentication scenario."

So what do you think? Is two-factor authentication the cure for constant account attacks? Or is it more of a nuisance than a solution? Let me know in the comments below.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

  • Microsoft Open License To End Next Year for Government and Education Groups

    Microsoft's "Open License program" will end on Jan. 1, 2022, and not just for commercial customers, but also for government, education and nonprofit organizations.

comments powered by Disqus