Microsoft turns two-factor authentication into one-factor by ditching password

Posted April 20, 2017

The phone sign-in works through the Microsoft Authenticator app, where users add their account.

In some cases the app will produce an eight-digit password for the authentication.

Not only does the app make it simpler to sign in, it makes it easier to use complex passwords generated by a password manager that are more secure but impossible to remember. Consider too that most people already have a pin code or similar security on their phone and the firm believes smartphone logins are secure enough while feeling "natural and familiar".

This new phone sign-in for Microsoft accounts feature is now at the "general availability" stage for Android and iOS devices, meaning that Microsoft sees it as being ready for commercial use.

Microsoft appears to be targeting both home users and those in business. Instead of having to enter your password, you'll get a notification on your phone.

Microsoft today announced the preview launch of a new "intelligent task management app" that's created to make it easier to plan and manage a day's activities. From there, just unlock your phone, tap "Approve" and voila - you're in.

From there, "the next time you sign in, we'll send a notification to your phone", Simons wrote. When a user goes to sign into a Microsoft accounts property they'll be prompted on their device.

Microsoft Authenticator can be downloaded for Android and iOS from their respective App Stores and is free of charge, it just requires a Microsoft account.

Microsoft adds that To-Do is "the only task management app built on an enterprise cloud", and says that a Mac app is in the pipeline.

There will be options for password usage if your phone isn't with you, which could open up a vector for more traditional hacking. Ironically the feature is not yet available for Microsoft Authenticator for the Windows Phone. Microsoft Authenticator does not now work on Windows Phones. "If/When it becomes a big success on those high scale platforms, we will evaluate adding support for Windows".