Want CNET to notify you of price drops and the latest stories?

Multifactor authentication extended to all Office 365 users

All users will now have the option of using a second layer of log-in verification to reduce vulnerability to online identity theft.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Microsoft's Office 365 multifactor authentication prompt. Microsoft

Microsoft has extended multifactor authentication to all subscribers of its Office 365 suite and plans further expansion of the security feature to other Office desktop applications later this year.

Also known as two-factor authentication, the log-in verification feature is aimed at reducing users' vulnerability to online identity theft, phishing, and other scams by adding a second level of authentication to an account log-in. Twitter, Apple, PayPal, Google, Facebook, and other vendors already have implemented two-factor authentication.

After correctly inputting their username and password, Office 365 subscribers will be required to acknowledge a phone call, text message, or an app notification on their smartphone before they can gain access to their account, Microsoft announced Monday in a company blog post.

Available since last June to Office 365 users with administrative roles, the verification feature is now available to all consumers, regardless of their subscription, at no extra cost, the company said. The software giant also said it plans to extend the feature later this year to desktop applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell, and OneDrive for Business.

To better protect users of these applications in the meantime, Microsoft also announced App Passwords, a 16-character randomly generated password that can be used with any Office application to bolster log-in security. The company also plans to integrate third-party multifactor authentication and smart cards, which use embedded processors to enhance security.

The expansion is Microsoft's latest move to beef up security of its suite of office applications and services. The company announced last November that it planned to introduce message encryption for Office 365, allowing users to send automatically encrypted e-mail to recipients outside of their own company, regardless of its destination.