searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
April 20, 2017
Share

Microsoft users can ditch password-based logins for phone sign-in 2FA

Microsoft added a new feature to its authenticator app, allowing users to sign into their Microsoft account without having to enter their password.

Microsoft phone sign-in option

“With phone sign-in, we’re shifting the security burden from your memory to your device. Just add your account to the Android or iOS Microsoft Authenticator app, then enter your username as usual when signing in somewhere new,” Alex Simons, Director of Program Management at the Microsoft Identity Division, explained.

“Instead of entering your password, you’ll get a notification on your phone. Unlock your phone, tap ‘Approve’, and you’re in.”

The feature is easy to set up: users can enable the feature from the dropdown menu on their already set up account in Microsoft Authenticator. It can also be easily switched off if, at any point in time, they want to revert back to using their password.

Current limitations of the phone sign-in feature

For the moment, it is offered only to Android and iOS users of the Microsoft Authenticator app, and will be possibly added to the Windows 10 Mobile app if it becomes a success.

Also, phone sign-in currently only works for Microsoft Accounts, a single sign-on web service that that allows users to log into Microsoft websites, applications and their devices simply by logging into that one account.

Simons says that this new feature can be counted as two factor authentication: the mobile device is the first, and the PIN or fingerprint is the second factor. He also noted that this option is easier than standard two-step verification.

Should you try it?

“The new functionality in the Authenticator app to use biometrics (in the form of fingerprints from Apple’s Touch ID), one time codes, and even approvals for a notification from the app (on unlocked phones only, naturally) is a significant improvement over password-only authentication,” Tadd Axon, Microsoft Services Practice Lead at Softchoice, commented for Help Net Security.

“I view this as a big win for the average user: less reliance on just passwords to protect their identity, an easier sign-on experience, and it makes it measurably more difficult for a bad actor to compromise an account – even if they have the password.”

“Passwords will still be with us for a long time to come; multi-factor capabilities like this reduce their use, limit their exposure, and provide extra levels of assurance against compromise,” he added, and urged users to give the feature a try.

More about
  • account protection
  • authentication
  • Microsoft
  • passwords
  • SSO
Share this

Featured news

  • Overcoming obstacles to introduce zero-trust security in established systems
  • Leveraging network automation to enhance network security
  • Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)
Guide: Aligning your security program with the NIST CSF

Sponsored

Webinar: Tips from MSSPs to MSSPs – starting a vCISO practice

Security in the cloud with more automation

CISOs struggle with stress and limited resources

How to scale cybersecurity for your business

Don't miss

Overcoming obstacles to introduce zero-trust security in established systems

Leveraging network automation to enhance network security

Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)

3CX customers targeted via trojanized desktop app

The rise of biometrics and decentralized identity is a game-changer for identity verification

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us