Microsoft rolling out two-factor authentication across its product line

Summary:Microsoft is joining the two-factor authentication ranks, adding support for this security mechanism across its products and services accessible via a Microsoft Account.

There have been hints for the past week-plus -- courtesy of Liveside.net -- that Microsoft was poised to roll out two-factor authentication for its Microsoft Accounts. On April 17, Microsoft did just that.

mssecurity2factor

Microsoft is calling this security process "two-step verification." Microsoft is making available two-step verification across all products and services accessible via a Microsoft Account. This includes Windows, Windows Phone, Xbox, Outlook.com, SkyDrive, Office and more. The rollout will be happening over the "next couple of days," according to the company.

(Microsoft Account is the new name for Microsoft's Live IDs.)

Two-factor authentication is aimed at reducing the likelihood of online identity theft, phishing and other scams because the victim's password would no longer be enough to give a thief access to their information. Apple, PayPal, Google, Facebook and other vendors already have implemented two-factor authentication.

As Liveside explained it recently, Microsoft will allow users to set up two-step verification when logging into their Microsoft Accounts from any devices or apps. In addition to typing in one's password, a user also will be prompted to enter a security code randomly generated by an Authenticator app on his/her phone.

Microsoft posted more about how the two-step verification process will work on The Official Microsoft Blog on April 17.

As Liveside also noted, this two-step verification won't work with linked accounts, requiring users to unlink any/all linked accounts before turning the feature on. Some apps like the mail app on some phones also may not support this process. For those users, according to Liveside, Microsoft added a feature called app password that will generate a password from the Microsoft Account Website.

As ZDNet noted recently, Microsoft's Outlook.com already has a similar "single use password" feature that sends a numerical token to the user's smartphone as an SMS. It does require some form of connectivity and does not require the user's original password. "Rather than an additional form of security, it is viewed as a means to safely log in on computers where the users' password might be compromised," explained ZDNet's Michael Lee.

Currently, Lee noted, certain Microsoft features already require an additional factor of security to access, such as transactions conducted over billing.microsoft.com and establishing a SkyDrive connection to a PC. In these cases,  users must enter a numerical token (sent via SMS or email) in addition to being logged in.

 

Topics: Security, Microsoft, Windows, Windows Phone

About

Mary Jo Foley has covered the tech industry for 30 years for a variety of publications, including ZDNet, eWeek and Baseline. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008). She also is the cohost of the "Windows Weekly" podcast on the TWiT network. Got a tip? Se... Full Bio

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.