Finally: Two-Factor Authentication coming to Microsoft accounts
Selecting a secure password is the first step of ensuring that you are safe on today's Internet. While that is a great start, it may sometimes not be enough to properly secure an account. Several Internet companies have started to implement an optional two-factor authentication system for user accounts that adds another layer of security to the login process. It works by requesting a second authentication code after a successful sign in with the account's username and password. This second authentication code is either created locally on the fly whenever needed or sent to a linked mobile phone number by the company itself.
Examples of companies that enable you to create the codes by yourself locally are PayPal with its VeriSign Identity Protection devices and Blizzard with its Battle.net authenticator. Google, Dropbox and many other companies prefer to send codes via email to the linked email address when requested.
And now Microsoft, at least if you believe the leaked information posted on the Live Side website. According to the site's information, Microsoft's implementation will fall into the first group meaning that users will have to use a mobile phone application to generate a code whenever they are asked to enter one during sign in to their Microsoft account or one of the services linked to it.
The Microsoft account website will soon offer a feature to pair one of the authenticator apps with a Microsoft account to improve the security of the account during log ins. According to screenshots posted on the site, Microsoft has already created a Windows Phone app that generates the codes for the user. The company states that authenticator apps for other phone operating systems are available by third parties but does not go into detail in this regard and does not link to any apps available in one of the app stores.
There seem to be certain limitations associated with the procedure. Live Side notes that users cannot add two-factor authentication to linked accounts, and that users need to unlink the accounts first before they can apply the feature to each of the accounts. Some apps or devices may also not support two-factor authentication and Microsoft will provide users with an app password that can be used to bypass the limitation on those devices. This works similar to the app passwords that you can create for your Google account.
It is definitely a step in the right direction considering that Microsoft maintains several of the most popular services on today's Internet. I think it has been long overdue and can't wait to add the second step of authentication to my accounts. It remains to be seen how easy that will be though. It is not clear when the feature will launch but considering that an app exists already in the Windows Phone store, it is likely that a launch is immanent.
Advertisement
Finally the great news is coming. I hope Matt Cutts will congratulate Microsoft for this step. And I also will start using Microsoft’s online services.
Great news if this is true!
@Martin: I think the paragraph above the picture should read: “at least if you believe the leaked information” instead of “at least if you the leaked information” :)
You are right, thanks and corrected.