Microsoft today announced that it is rolling out optional two-factor authentication to the 700 million or so Microsoft Account users, confirming last week's rumors. The scheme will become available to all users "in the next few days."
It works essentially identically to existing schemes already available for Google accounts. Two-factor authentication augments a password with a one-time code that's delivered either by text message or generated in an authentication app.
Computers that you trust will be allowed to skip the two factors and just use a password, and application-specific passwords can be generated for interoperating with software that doesn't support two-factor authentication.
Microsoft has its own authentication app for Windows Phone. It isn't offering apps for iOS or Android—however, it doesn't need to. The system it's using is standard, specified in RFC 6238, and Google uses the same system. As a result, Google's own Authenticator app for Android can be used to authenticate Microsoft Accounts. And vice versa: Microsoft's Authenticator app for Windows Phone works with Google accounts.
No comments: