Microsoft rolling out two-factor authentication: Report

Microsoft rolling out two-factor authentication: Report

Summary: Microsoft is alleged to have a new two-factor authentication feature in the works for its accounts.

TOPICS: Security, Microsoft

According to news and information site LiveSide, Microsoft accounts are slated to receive a new two-factor authentication feature soon. The second factor of security, required to log into accounts, will allegedly be sent via paired smartphones.

From the screenshots provided by LiveSide, Microsoft's system appears to use the time-based one-time password algorithm (TOTP), identical to Google and Dropbox's own implementations. This allows users to add their Microsoft account to apps that already support TOTP-based tokens rather than obtain a new application. In addition, TOTP-based tokens do not require any form of internet connectivity to generate once they have been set up.

Like Google's two-factor system, however, Microsoft appears to have the same issue of the system not being compatible with all applications. In response, it appears that it will create "app passwords", which will presumably work in the same manner as Google's application specific passwords.

Microsoft's Outlook, the successor to Hotmail, already has a similar "single use password" feature that sends a numerical token to the user's smartphone as an SMS. It does require some form of connectivity, however, and does not require the user's original password. Rather than an additional form of security, it is viewed as a means to safely log in on computers where the users' password might be compromised.

Certain Microsoft features already require an additional factor of security to access, however. These include transactions conducted over,, and when establishing a SkyDrive connection to a PC. In these cases, users must enter a numerical token (sent via SMS or email) in addition to being logged in.

ZDNet contacted Microsoft for comment, but it had not responded at the time of writing

Topics: Security, Microsoft

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The token generating WP app is now available in Store

  • Security and Microsoft don't belong in the same sentence.

    Windows can not be made secure. They patch 50 or so security holes every Tuesday.
    Tim Jordan
    • You have no idea what you are talking about.

      None what-so-ever. Troll.
    • Patching security holes

      If patching security holes is your definitions of unsecure, than try Linux.

      Day after day patches... but is something bad? for you maybe, for rest of the word this is a good thing.
    • Because MS is so public about their security work and a much bigger target

      people have a completely distorted perspective. Dont be misguided by it. Windows is more secure than linux, macos, android, etc. IIS is more secure than apache, etc. SQL server is more secure than oracle, db2 etc.
      Johnny Vegas
    • Errr.....

      Thanks for being either biased or anti-Microsoft [you choose]. You know, you look foolish with these comments. "Patch 50 or so security holes every Tuesday". What a laugh. Still half the number of weekly new holes than Google Chrome browser [on its own]. :-) [see there I am joking].