Story image

Microsoft launches ‘phone signin’ for Android and iOS - but what about its Windows Phone?

20 Apr 2017

Microsoft has moved one step closer to abandoning the password, with the launch of its new ‘phone sign-in’ specifically for Microsoft accounts on Android and iOS - but not for its own Windows Phones.

The company posted the announcement in a blog this week, which explained that it wants to ‘shift the security burden from your memory to your device’.

So far it is only available for the Microsoft Authenticator app on Android and iOS. Why has Microsoft ignored its own creations, Windows Phone? 

The blog says that Windows Phone makes up less than 5% of Authenticator app users, so the priorities lie with Android and iOS - at least for now. If there is significant uptake amongst other users, Microsoft may roll it out for Windows Phone.

The new phone-sign in method is part of the Microsoft Authenticator app. Users can add their account to the app and enter their usual username when signing in from a new location. 

After that, users don’t have to enter their passwords; instead a notification is sent to their phone. They just need to tap “approve” and the logging in process is complete.

The company says there is a link at the bottom of the confirmation page that allows users to use passwords if they prefer. They can switch between the two as needed and the app will remember preferences.

Microsoft believes that the new method is ‘easier’ than two-step verification and much more secure than traditional passwords. 

According to Microsoft, using a notification in combination with phone unlock methods such as PINs or fingerprints is a ‘seamless’ way to incorporate identity verification in a familiar way.

Users who wish to use the Microsoft Authenticator app can download it from Google Play or the App Store.

  • If you already use the Microsoft Authenticator for your personal account, select the dropdown button on your account tile, and choose Enable phone sign-in.
  • If you are adding a new account on an Android phone, we’ll automatically prompt you to set it up.
  • If you are adding a new account on an iPhone, and we’ll automatically set it up for you by default.
  • Then just try it out! The next time you sign in, we’ll send a notification to your phone. That’s it!”

Microsoft says it wants to hear from users about how they find the new signin methods.

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.
65% of manufacturers run outdated operating systems – Trend Micro
The report highlights the unique triple threat facing manufacturing, including the risks associated with IT, OT and IP.