Multifactor authentication extended to all Office 365 users

Microsoft has extended multifactor authentication to all subscribers of its Office 365 suite and plans further expansion of the security feature to other Office desktop applications later this year.

Also known as two-factor authentication, the log-in verification feature is aimed at reducing users' vulnerability to online identity theft, phishing, and other scams by adding a second level of authentication to an account log-in. Twitter, Apple, PayPal, Google, Facebook, and other vendors already have implemented two-factor authentication.

After correctly inputting their username and password, Office 365 subscribers will be required to acknowledge a phone call, text message, or an app notification on their smartphone before they can gain access to their account, Microsoft announced Monday in a company blog post.

Available since last June to Office 365 users with administrative roles, the verification feature is now available to all consumers, regardless of their subscription, at no extra cost, the company said. The software giant also said it plans to extend the feature later this year to desktop applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell, and OneDrive for Business.

To better protect users of these applications in the meantime, Microsoft also announced App Passwords, a 16-character randomly generated password that can be used with any Office application to bolster log-in security. The company also plans to integrate third-party multifactor authentication and smart cards, which use embedded processors to enhance security.

The expansion is Microsoft's latest move to beef up security of its suite of office applications and services. The company announced last November that it planned to introduce message encryption for Office 365, allowing users to send automatically encrypted e-mail to recipients outside of their own company, regardless of its destination.