Microsoft turns two-factor authentication into one-factor by ditching password

by
Peter Bright
from Ars Technica - All content on (#2KM0X)
041417_0131_Nopasswordp1.png

(credit: Microsoft)

Microsoft Authenticator is a pleasant enough two-factor authentication app. You can use it to generate numeric authentication codes for accounts on Google, Facebook, Twitter, and indeed, any other service that uses a standard one-time password. The login process is straightforward: first you sign in to each site with your username and regular, fixed password, then you use the code generated by the app.

But for Microsoft accounts, Redmond is offering something new: getting rid of that first password and using just the phone to authenticate. With phone-based authentication enabled, after entering your Microsoft Account e-mail address, you'll receive an alert on your phone. From that alert, you can either approve or reject the authentication attempt-no password necessary.

This same approve-or-reject choice on the phone has been offered previously to Microsoft Accounts, but in the past, it still required the use of the fixed password.

Read 2 remaining paragraphs | Comments

index?i=bM0iELw3LWI:IjF0b0l2c28:V_sGLiPB index?i=bM0iELw3LWI:IjF0b0l2c28:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments