Feeds

Microsoft gets with the times, builds two-factor authentication into Office 365

Redmond extends security protections to all users

Security for virtualized datacentres

Microsoft is beefing up the security in Office 365 by offering two-factor authentication to all users of its cloud productivity service.

The company said that it would enable two-factor authentication on accounts ranging from Enterprise and Midsize Business plans to academic accounts and standalone single-user subscription plans.

Under the plan, users will be able to link their Office 365 accounts with an additional contact point such as voice call, text message, or an app notification on their mobile device. The acknowledgement is then paired with the successful entry of a password in order to sign a user into the Office 365 service.

"Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password," explained Paul Andrew, technical product manager for Office 365.

"With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password."

Previously, the option to utilize multi-factor authentication had been limited to users who were on administrator accounts.

The enabling of two-factor authentication should be a basic security feature at this point, rather than a premium option or high-profile addition. With tricks ranging from keyloggers and phishing messages to brute-force password guessing, attackers are more than up to stealing account passwords from users. The addition of two-factor authentication, while not perfect, goes a long way toward protecting the vast majority of users from account theft.

Redmond said that it plans to expand on the rollout of additional security protections on the Office platform. The company soon plans to add two-factor authentication mechanisms to desktop applications such as Outlook and Word later in the year and for some enterprise clients, the company is eventually planning to introduce smart-card authentication support, though a possible rollout date for those features has yet to be announced. ®

Beginner's guide to SSL certificates

More from The Register

next story
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.