Microsoft rolling out two-factor authentication: Report

Microsoft is alleged to have a new two-factor authentication feature in the works for its accounts.
Written by Michael Lee, Contributor

According to news and information site LiveSide, Microsoft accounts are slated to receive a new two-factor authentication feature soon. The second factor of security, required to log into accounts, will allegedly be sent via paired smartphones.

From the screenshots provided by LiveSide, Microsoft's system appears to use the time-based one-time password algorithm (TOTP), identical to Google and Dropbox's own implementations. This allows users to add their Microsoft account to apps that already support TOTP-based tokens rather than obtain a new application. In addition, TOTP-based tokens do not require any form of internet connectivity to generate once they have been set up.

Like Google's two-factor system, however, Microsoft's appears to share the problem of not being compatible with all applications. In response, it appears that it will create "app passwords", which will presumably work in the same manner as Google's application-specific passwords.

Microsoft's Outlook, the successor to Hotmail, already has a similar "single use password" feature that sends a numerical token to the user's smartphone as an SMS. It does require some form of connectivity, however, and does not require the user's original password. Rather than an additional form of security, it is viewed as a means to safely log in on computers where the user's password might be compromised.

Certain Microsoft features already require an additional factor of security to access, however. These include transactions conducted over billing.microsoft.com, xbox.com, and when establishing a SkyDrive connection to a PC. In these cases, users must enter a numerical token (sent via SMS or email) in addition to being logged in.

ZDNet contacted Microsoft for comment, but it had not responded at the time of writing.
