The Redmond company wants to make it easier and more secure to login to Microsoft accounts
Microsoft is beginning to replace passwords with Authenticator, an app that allows users to securely log into their Office 365 and Microsoft accounts using verification on their smartphones.
The iOS and Android app, which is currently being rolled out, allows users to login to their Microsoft accounts with a single tap. When attempting to login to their Microsoft accounts, the app will serve up a notification on a user’s smartphone prompting them to either approve or decline the login.
Essentially the Authenticator app is an evolution of two-factor authentication, designed to make logging into apps and accounts a more secure process; a handy feature when big data breaches have led to login details of online services being bled all over the Internet.
According to Alex Simons, director of program management at Microsoft’s Identify Division, Authenticator has been designed to get rid of the fiddly pain of trying to remember and enter passwords every time a user wants to login to their Microsoft account.
“Here in the identity division at Microsoft, we don’t like passwords any more than you do! So we’ve been hard at work creating a modern way to sign in that doesn’t require upper and lowercase letters, numbers, a special character, and your favorite emoji,” he said.
“With phone sign-in, we’re shifting the security burden from your memory to your device. Just add your account to the Android or iOS Microsoft Authenticator app, then enter your username as usual when signing in somewhere new. Instead of entering your password, you’ll get a notification on your phone. Unlock your phone, tap “Approve”, and you’re in.
“This process is easier than standard two-step verification and significantly more secure than only a password, which can be forgotten, phished, or compromised. Using your phone to sign in with PIN or fingerprint is a seamless way to incorporate two account “proofs” in a way that feels natural and familiar.”
Google has a similar app in the form of Google Prompt, which required users to confirm their identity. So Microsoft’s app is not breaking any new ground. However, it does highlight how major companies are taking cyber security very seriously, offering their users new ways to protect from unauthorised logins and mitigate some of the damages stolen credentials can yield.
With phishing attacks part of the arsenal of a growing number of cyber attacks, we can foresee other companies providing cloud and web based services following Microsoft and Google in creating their own authentication apps.
Are you a cyber security pro? Take our quiz and find out!