Microsoft rolling out two-factor authentication

Microsoft is joining the two-factor authentication ranks, adding support for this security mechanism across its products and services accessible via a Microsoft Account.

Microsoft

There have been hints for the past week-plus -- courtesy of Liveside.net -- that Microsoft was poised to roll out two-factor authentication for its Microsoft Accounts. On April 17, Microsoft did just that.

The company is calling this security process "two-step verification." Microsoft is making available two-step verification across all products and services accessible via a Microsoft Account. This includes Windows, Windows Phone, Xbox, Outlook.com, SkyDrive, Office, and more. The rollout will be happening over the "next couple of days," according to the company.

(Microsoft Account is the new name for Microsoft's Live IDs.)

Two-factor authentication is aimed at reducing the likelihood of online identity theft, phishing, and other scams because the victim's password would no longer be enough to give a thief access to their information. Apple, PayPal, Google, Facebook, and other vendors already have implemented two-factor authentication.

As Liveside explained it recently, Microsoft will allow users to set up two-step verification when logging in to their Microsoft Accounts from any devices or apps. In addition to typing in one's password, a user also will be prompted to enter a security code randomly generated by an Authenticator app on his/her phone.

Microsoft posted more about how the two-step verification process will work on The Official Microsoft Blog on April 17.

As Liveside also noted, this two-step verification won't work with linked accounts, requiring users to unlink any/all linked accounts before turning the feature on. Some apps like the mail app on some phones also may not support this process. For those users, according to Liveside, Microsoft added a feature called app password that will generate a password from the Microsoft Account Web site.

As ZDNet noted recently, Microsoft's Outlook.com already has a similar "single use password" feature that sends a numerical token to the user's smartphone as an SMS. It does require some form of connectivity and does not require the user's original password. "Rather than an additional form of security, it is viewed as a means to safely log in on computers where the users' password might be compromised," explained ZDNet's Michael Lee.

Currently, Lee noted, certain Microsoft features already require an additional factor of security to access, such as transactions conducted over billing.microsoft.com and establishing a SkyDrive connection to a PC. In these cases, users must enter a numerical token (sent via SMS or e-mail) in addition to being logged in.

This story originally appeared as "Microsoft rolling out two-factor authentication across its product line" at ZDNet.

About the author

    Mary Jo Foley has been a tech journalist for almost 30 years. She is editor of ZDNet's "All About Microsoft" blog. She authored "Microsoft 2.0: How Microsoft Plans to Stay Relevant in the Post-Gates Era" and co-hosts the "Windows Weekly" podcast on the TWiT Network.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    See the world with Smithsonian Channel iOS app

    Watch free videos and full episodes of original series and documentaries with the new app.