Microsoft releases password killer: the Authenticator phone sign-in
- 20 April, 2017 03:59
If you use Outlook, Skype or any other Microsoft service, there’s now an easier way to sign in using your password just once and your phone from then on.
Microsoft has rolled out an update to its Authenticator app for iOS and Android that makes signing in to Microsoft accounts a breeze.
Instead of having to remember your Microsoft account password every time you need to sign in, you’ll only need to tap an “approve” notification on your phone.
Not only does the app make it simpler to sign in, it makes it easier to use complex passwords generated by a password manager that are more secure but impossible to remember.
For example, a Mac user who used Keychain to create a strong password like "R2D-dQY-8JC-0wL" will be able to enroll a Microsoft account with Microsoft Authenticator by signing in once to the iOS or Android app with that password. From then on they can use Authenticator’s simpler choice to “approve” or “deny” a login from a notification that is displayed on the phone after entering a username at a Microsoft login page in a browser.
The phone sign-in feature works when signing in from a desktop or phone browser. iPhones that are Touch ID-enabled can confirm an approval by pressing the home button, and earlier iPhones can confirm it with a passcode.
“Most Android devices” can use the feature, according to the app’s listing on Google Play.
Prior to the addition of the phone sign-in feature, Microsoft’s Authenticator generated one-time codes to support two-factor authentication for Microsoft and third-party accounts.
Alex Simons, director of program management at Microsoft’s Identity Division, argues the new feature is superior to standard two-step verification and much better than relying solely on passwords, which can be forgotten, phished, or compromised.
“Using your phone to sign in with PIN or fingerprint is a seamless way to incorporate two account ‘proofs’ in a way that feels natural and familiar,” he noted, referring to two-factor authentication requiring something you know (the password you used to enroll the account with the app) and something you have (your phone).
With an endless stream of password breaches, tech giants have been working on ways to make it easier to use two-factor authentication at the same time as encouraging users to choose strong and complex passwords, which consequently aren't so easy to remember.
Google recently updated its account sign-in processes with a notification-based approval process to make two-step verification easier, which also uses a prompt on a mobile device to confirm whether the user is trying to sign in from another computer. The feature is an alternative to two-step verification using a Security Key. iPhone owners can approve the sign-in request via the Google Search app, while the feature is native to Android devices.
Yahoo also aimed to reduce sign-in friction with a feature in its mobile app to allow Yahoo Mail users to sign in by approving the app.
Microsoft’s motivation for developing the feature for Authenticator was to offer an alternative to well-meaning but unfriendly password rules, such as requiring passwords with upper and lowercase letters, numbers, and a special character.