Microsoft says it’s working to offer better security for users of its Outlook.com web-mail service, but don’t expect two-factor authentication, like on Gmail. Instead, Microsoft wants to offer a “strong solution” that won’t be as inconvenient for users.
Outlook.com is currently in preview and doesn’t offer Google’s optional two-factor authentication, which requires both the account password and to be in possession of the user’s phone in order to sign into a Google account on an unrecognized computer.
When asked about security, a spokeperson for Microsoft said Outlook.com “requires strong passwords” and offers single-use codes.
Single-use codes are codes users can have sent to their phone via text message (as long as that phone is already associated with the user’s account) that can be used to sign in to an account without needing the password. That way, a user can sign in on a public computer without worrying that a keylogger might capture the account’s password.
However, the spokesperson said Microsoft was “putting a lot of investment and R&D” into more security while the site is in preview, with the goal of finding a more convenient option that two-factor authentication, which requires using both confirmation codes and alternative passwords for apps.
The rep said it looked at two-factor authentication but chose not to offer the service since it found that only a small number of Gmail users actually use it. Microsoft’s goal is “to find a strong solution that everyone can use, vs. just the 1% of users that figure out how to navigate a bunch of additional setup options,” the spokesperson said.
Asked how many users had turned on the two-factor feature, a Google spokesperson said: “we have millions of 2-step verification users, and thousands more enroll every day.”
Recently, Gmail’s two-factor authentication has received a lot of attention due to the “epic hacking” of Wiredreporter Mat Honan, who had his phone, tablet and laptop taken over and wiped by hackers. One of the ways the hackers got access to Honan’s accounts, and thus his devices, was because he had not activated two-factor authentication on his Gmail account.
0 comments:
Post a Comment