Leaked screenshots reveal Microsoft accounts will get two-step authentication


No matter how convoluted and ridiculous your passwords become, they will inevitably get hacked. Anyone who has fallen victim to security breaches will know just how time-consuming it is to keep coming up with new passwords and changing them on various sites. That’s why more and more users are making the switch to two-step authentication to log into their Google, Apple, and Dropbox accounts, and Microsoft is following suit based on leaked screenshots posted on Liveside.

Two-step login is considered more secure than just typing in your password because, in addition to your user name and password, you have to enter an automatically generated code that is available through a mobile app or on a USB key like the YubiKey. This code changes every time you log into the services that support this type of login, so even if a hacker manages to steal your user name or password, he won’t be able to access the information that is tied to that account. At least that’s the idea.

With Microsoft rolling a whole bunch of disparate services into a single Microsoft Account identity – from your Xbox to your Outlook to your Skype account – your login information needs to be especially hack-proof to avoid the mess that compromised security would cause. Based on Liveside’s report on this upcoming security feature, it looks like Microsoft will require the user to enter a code generated by its Authenticator app (as pictured on the right).

This Windows Phone 8/7.5 Mango app is already available on the Windows Phone App Store, even though the two-step authentication process has yet to be released and is therefore not available to users at the moment. We hope Microsoft will be bringing this app to other platforms so non-Windows Phone users with Xboxes or Outlook accounts will still be protected by this two-step authentication system.

While this type of login can better protect your Microsoft Account, it could be quite a headache for users to actually implement. According to Liveside, this feature “will not work with linked accounts, as such users are required to unlink all their linked accounts before turning the feature on.” (By “linked accounts,” it is referring to the single Windows ID that some users have been using to log into multiple Microsoft services.)

It’s also possible that native apps that come preloaded on Android and iOS devices won’t support this security feature on cross-platform Microsoft services like Outlook and Skype. Judging from Liveside’s report, it seems Microsoft will be directing the user to the Microsoft account website to generate an “app password,” which the user will enter into the mobile app to access her account. Frankly, this sounds like too much work for non-Windows-Phone-toting users who just want to check their Outlook email account or chat on Skype. 

We hope Microsoft will make it as easy as possible to take advantage of this more secure way to log into your Microsoft services, and we’re looking forward to the official release of this much needed security feature.

 [Images via Liveside]