Microsoft introducing two-factor authentication
NEW YORK, April 19 — An official blog post confirms rumours that Microsoft is increasing security and reducing hacking risks for all of its users’ accounts.
Microsoft says that the feature will go live “over the next couple of days” and that it will be an option — users will not be forced to adopt it — on all Microsoft accounts.
In its simplest terms, two-factor authentication pairs something users know (their password) with something they have — for example, a smartphone or other physical device — in order to confirm that they are who they claim to be.
A password alone can be hacked — no password is 100 per cent effective — but the combination of a strong password plus a second code or PIN, unique to the user and to that log-in attempt, is impossible to hack, unless the person trying to hack the account also has the smartphone or device in question.
By bringing the service to Microsoft accounts, the company is essentially offering the greatest possible peace of mind to Windows Phone, Xbox, Outlook, Skype and Office 365 users, as well as its enterprise clients.
The most common way of providing users with a one-time PIN number is via SMS, but Microsoft is taking security one step further. Anyone who wants to adopt two-factor authentication will need to download a free authentication app from the Windows Store (for Windows Phone users) which will generate the codes for confirming a user’s ID.
As the blog post from Eric Doerr, group program manager, Microsoft account, explains: “If you have a smartphone, we’ll help you set up an authenticator app, which allows you to receive two-step verification codes even while offline (very useful on vacation and to avoid messaging fees). The next time you sign on, you’ll be prompted for a code. [...] If you don’t use a Windows Phone, there are excellent authenticator apps that already exist for those platforms and are compatible with Microsoft account two-step verification.”
Microsoft is the third tech giant to roll out two-factor authentication. Google, the feature’s biggest cheerleader in recent times, made it a free option on all Gmail accounts nearly two years ago and earlier this year Apple also enabled the feature for its Apple ID account holders. Now all that remains is for Facebook and Twitter to take the hint and the Web will be a much safer place for all users.