Saturday, April 20, 2013

Microsoft two-factor authentication

This week Microsoft added the ability for users to secure their Microsoft account with two-factor authentication.  This should help prevent unauthorized access to your account.  I think that it is great that Microsoft is enabling this extra security, as people can have their credit cards associated with their account.

I enabled two-factor authentication on my account, and by default your verification code will be sent to your phone.  You can also use a phone based authenticator to generate codes.  Microsoft has released an application that you can use on Windows Phone based phones, or you can use Google Authenticator on Android, iOS and Blackberry.

There are some things that you should be aware of before enabling this for your accounts:
  1. If you use Google Authenticator, since Microsoft doesn't add a prefix to the account name in the key uri, adding your Microsoft account to the app, will replace any existing account with that name.  Make sure that you rename, in the app, any account that is named with the email address that you use to log in, before adding the Microsoft account.
  2. The Xbox doesn't have the UI to allow entry of the second-factor verification code, so you will need to create an application specific password for these devices that don't accept these validation codes.