Microsoft Security

Microsoft Hops On Two-Factor Authentication Bandwagon

itwbennett writes "Following similar initiatives by Apple, Google and Facebook, Microsoft is enabling two-factor authentication for its Microsoft Account service, the log-on service for many of its online and desktop products. Users will find instructions on how to add a second form of authentication on the Microsoft Account settings page. The chief form of secondary authentication will be a short code sent to the user's mobile phone, the number of which Microsoft will keep on file, each time the user logs on."

  • by Anonymous Coward on Wednesday April 17, 2013 @05:09PM (#43476851)

    Unless you're a Microsoft developer, what would anyone want a "Microsoft account" for? Hotmail?

    Windows Live (PC gaming). Xbox gaming. Hotmail.

  • by BradleyUffner ( 103496 ) on Wednesday April 17, 2013 @05:10PM (#43476869) Homepage

    It is 2 factor authentication.

    The 3 authentication factors are:
    Something you Know.
    Something you Have.
    Something you Are.

    This meets 2 of those factors, a password (know), and your phone (have).

  • by DragonWriter ( 970822 ) on Wednesday April 17, 2013 @05:24PM (#43476999)

    The new optional Microsoft authentication approach, as they describe [technet.com] it, is "two-step authentication", not "two-factor authentication". And, while the correct choice among the options they provide might make it two-factor authentication, they don't seem to focus on that in any particular way.

    Two-factor authentication is "something you have and something you know" (commonly, the something you know is a password, the something you have is a device generating confirmation codes). The options for the second step in authentication (password is the required first step for Microsoft accounts) include a code sent to an email address on file, making it "something you know" (your Microsoft account password) plus "something else you know" (the password to alternative email).

    (Plus, since it's sent through regular plaintext email if you are using that option, the second "step", in that case, relies on you supplying back information that Microsoft sends you over a completely insecure channel.)

    I understand the *convenience* offered by the alternative to actual two-factor authentication here, but I don't understand why this is done since the convenience in "two-step" authentication that allows you to choose for it not to be two-factor authentication defeats the entire purpose of not using simple one-factor authentication.

  • by tgd ( 2822 ) on Wednesday April 17, 2013 @05:34PM (#43477131)

    Unless you're a Microsoft developer, what would anyone want a "Microsoft account" for? Hotmail?

    Skype, Hotmail, Live properties, Xbox Live, Messenger, Windows 8 users with linked accounts, SkyDrive ...

    Microsoft has more individuals with accounts than anyone else, by far.

    You may not have one (although, even if you were 100% Linux, unless you've never used Skype, you do have one), but virtually every other person with a computer does.

  • by UnknowingFool ( 672806 ) on Wednesday April 17, 2013 @05:36PM (#43477147)
    The article refers to it as "two-step", not two-factor. The title and summary say it is two-factor.
