Here we go again

Dropbox accounts hacked, service not to blame for leak

Hypothetical threat watch

New malware exploits USB, but isn't really that scary

Microsoft News

Microsoft issues security advisory affecting all versions of Windows, Windows Phone

General News

UK government set to rush through emergency surveillance legislation

General News

UK officials follow US counterparts by banning electronics that have no charge from boarding flights

Microsoft News

Microsoft restores control of seized domains to No-IP

Windows 8 Apps+Games

1Password for Windows gets much needed 4.0 update

Editorials

Using strong passwords and keeping your online self secure

General News

First smartphone 'kill switch' bill in the US passed by… Minnesota

Apps

Secure your passwords and critical information with Enpass Password Manager

General News

Bitly alerts users of widespread account compromises, claims no accounts have been accessed

How To

How to swap your primary account with a new alias on Windows Phone 8.1

Apps

John McAfee's Chadder aims to keep your messages private, lands on Windows Phone before iOS

Windows

Microsoft issues security patch for Internet Explorer

Microsoft News

Microsoft issues warning about limited, targeted attack vulnerability in Internet Explorer

How To

Get secure by encrypting your PC with Microsoft BitLocker for Windows 8 Pro

Microsoft News

Microsoft Store giving away $100 credit; simply trade up your Windows XP dinosaur (US and Canada Only)

Microsoft News

Microsoft says it's really time to dump Windows XP thru this clever infograph

Editorials

So, you want to adopt BYOD?

Microsoft News

From a Bill Gates memo to an industry practice: The story of Security Development Lifecycle

< >
Authenticator for Windows Phone
40

Microsoft prepping 2-step authentication for Accounts, already have a Windows Phone app

Two-step authentication, the process whereby you use more than just a password to verify an account, is increasingly an important security tool desired by not just enterprise but consumers. Google has had with Gmail for a few years now, and Microsoft is on the cusp of releasing their version as well.

LiveSide.net is reporting that the service will be integrated into existing Microsoft Accounts (Outlook.com, Hotmail, etc.) though those with linked accounts may have to un-link and the re-link them to get it to work.

Interestingly, the app for this feature is already on the Store for all Windows Phone devices (7.x and 8), and it will serve as the conduit to generate these codes. For those who use Gmail, you may be used to having “verification codes” texted to you, which can be problematic if traveling or switching SIMs (Google does provide fallbacks though). With the Authenticator app, once linked to your account you will be able to generate security codes for account access which will then be verified for by Microsoft before you can login from a non-trusted PC.

The whole system seems quite easy to use (once it goes live), and it should bring Microsoft up to speed with those who demand more in security than a simple password.

You can download the Authenticator app for Windows Phone here, though without the corresponding service enabled by Microsoft on your Account, it’s of little use at the moment.

Source: LiveSide.net

QR: Authenticator

0
loading...
0
loading...
0
loading...
0
loading...

Reader comments

Microsoft prepping 2-step authentication for Accounts, already have a Windows Phone app

40 Comments

good, no more hacking from toronto for me.
 
on a different note, where the hell is instagraph?

"Some apps don't work with these security codes (the mail app on your phone for example)"

I'd have to hope that they're working on getting that stuff supported, since it slightly defeats the purpose if you have to have a million app-specific passwords.
 
Still, it's a good step, seeing as Microsoft already used two-factor authentication for some pages, but not others (albeit via a texted code).

In that case, you will be able to generate a tailored "app password" on the site for that service, much like using Gmail on Windows Phone now with 2-step enabled.

Yes, that's what I'm talking about.  I'd rather the phone really supported two-factor, as opposed to the app passwords.  Needing a bunch of app-passwords that bypass two-factor defeat the purpose of two-factor authentication in the first place.

@ least this is better than their 2 step via email/sms(dont think sms is supported anymore though) it starting to get annoying to have to do this everytime i need to add msp for xbl using website

I really hope everyone makes an app for each platform to do this.

How much would it suck if that a major player that goes to two-step process for their services *cough* Google *cough* and then refused to make an app for say... Windows Phone...
 
I can already seeing this being a headache with all the different little apps that will be part of the authentication process.  I already have a Blizzard Authenticator for SC2... Who knows how many of these apps will exist in the future...

There's already three separate apps that support Google Authenticator, one of them being Microsoft's own app that is mentioned in this post.

Why would you need text for using GMail 2 factor authentication? There are multiple third party apps in WP marketplace(one such is Authenticator 3rd party app) which already supported GMail code generation. Just select Android as your phone in GMail settings, get the key and add it manually in the app. 
Also most such apps support Facebook, Dropbox and other services which uses a common standard for generating codes as well.
In Facebook, just select Android and click the "Having problem?" link in the next screen which will get you the key. In Dropbox, it's straight forward. 
 
Edit: Just noticed that Microsoft also supports the common standard. Yay! All good for a single app. You don't even need the new Microsoft app if you already use any 3rd party app. Or you can migrate all everything to this new app by Microsoft.

I don't think I'd feel comfortable using a 3rd-party app to manage sensitive information like this. I'd prefer to use SMS for Google over a 3rd-party app.

Understand your concern and respect your decision. Everyone is not me.
I myself is little paranoid but this third party app getting hold of my password is very slim and I'm not giving my password to them just the key. Both needs to be available to them to access my account. Also, I don't give my email address or service name to the app. Just A, B, C as the identifiers. Chance of them matching the code to a single email address is almost impossible unless they have other ways of knowing my email address.
But if  you use the email address in the app, and they upload the email address and keys to some public database or something where hackers can cross reference the codes after they get hold of your password somehow, I see your concern. But to be honest, it's a very stretch.

Anyone else miffed by the standard default loading screen of the new app by Microsoft? 
Microsoft guide for apps pointedly say to not use the default loading screen for all 3rd party apps and sometimes even mocks them but still they themselves use it. 

I noticed that right away. It seems hastily put together. The "tap the plus icon" verbiage also seems odd.

MS already uses something similar to this within their SkyDrive in order to access your pc if you're away from home. I get a text with a code and that allows me to access my home pc files from work. Or have i missed the point? UK

You're not. I get the text outside of trusted PCs as well. 
But this makes you avoid the text(which costs many here in US) and also follows an industry standard way of generating codes.

Finally. I've been waiting and this makes me happy. Now if Valve will join the proper auth party.

Thank you!  Its about time.  The 2 step authentication with Gmail is the one area where I admitted Gmail was better than Live mail.  One of my wifes Live accounts just got hacked a week ago.  Granted her password was pretty week.  But its a nor brainer than this service should be implemented and keep people from logging into my account from Nigeria without entering a code of some kind.

I believe this is more commonly known as Two Factor authentication rather than Two Step...

As someone who just got hacked resulting in all my friends getting some stupid email with a link seemingly from me, I welcome this feature.

The App is not useless for now, it implements an open standard, you can already use it for 2-factor-authorization for Dropbox, Google and some other things like my favourite German Bitcoin-Exchange.

Hope this feature is released soon! I love that I can use this app on my google account also (I never bothered with it before now). I suddenly feel more safe already. :D