Microsoft beefs up cloud login security in PhoneFactor gobble
Is that a token in your pocket or are you pleased to see us?
Microsoft has bought PhoneFactor, the maker of software that allows punters to securely identify themselves to computer systems using their mobiles. Terms of the deal, announced yesterday, were undisclosed.
The snapped-up biz offers phone-based authentication as an alternative to physical security tokens that can, for instance, be plugged into a PC to grant remote access to a corporate network.
PhoneFactor instead offers tokens stored by software on phones or out-of-band text message codes that can be entered into a website or other system. The technology already works with many Microsoft products and services, including Outlook Web Access and Internet Information Services, as well as interoperating with Active Directory.
Redmond said the deal to acquire PhoneFactor will allow it to "bring effective and easy-to-use multi-factor authentication to our cloud services and on-premises applications".
How secure outdoor?
I wonder how safe the scheme is outdoor. It is 100% certain that the user has both the PC/tablet and the phone in/around their body or bags. Can we expect a knowledgeable thieve to forget the phone when he can steal the PC/tablet?
This scheme is indeed a 2-factor authentication when the user stays indoor but it is 1.5-factor authentication at best when they move around outdoor. People should be advised to remember the secure enough password/PIN without depending too much on the possession of a phone.