Story image

Microsoft launches ‘phone signin’ for Android and iOS - but what about its Windows Phone?

20 Apr 17

Microsoft has moved one step closer to abandoning the password, with the launch of its new ‘phone sign-in’ specifically for Microsoft accounts on Android and iOS - but not for its own Windows Phones.

The company posted the announcement in a blog this week, which explained that it wants to ‘shift the security burden from your memory to your device’.

So far it is only available for the Microsoft Authenticator app on Android and iOS. Why has Microsoft ignored its own creations, Windows Phone? 

The blog says that Windows Phone makes up less than 5% of Authenticator app users, so the priorities lie with Android and iOS - at least for now. If there is significant uptake amongst other users, Microsoft may roll it out for Windows Phone.

The new phone-sign in method is part of the Microsoft Authenticator app. Users can add their account to the app and enter their usual username when signing in from a new location. 

After that, users don’t have to enter their passwords; instead a notification is sent to their phone. They just need to tap “approve” and the logging in process is complete.

The company says there is a link at the bottom of the confirmation page that allows users to use passwords if they prefer. They can switch between the two as needed and the app will remember preferences.

Microsoft believes that the new method is ‘easier’ than two-step verification and much more secure than traditional passwords. 

According to Microsoft, using a notification in combination with phone unlock methods such as PINs or fingerprints is a ‘seamless’ way to incorporate identity verification in a familiar way.

Users who wish to use the Microsoft Authenticator app can download it from Google Play or the App Store.

  • If you already use the Microsoft Authenticator for your personal account, select the dropdown button on your account tile, and choose Enable phone sign-in.
  • If you are adding a new account on an Android phone, we’ll automatically prompt you to set it up.
  • If you are adding a new account on an iPhone, and we’ll automatically set it up for you by default.
  • Then just try it out! The next time you sign in, we’ll send a notification to your phone. That’s it!”

Microsoft says it wants to hear from users about how they find the new signin methods.

ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.
Don’t let your network outgrow your IT team
"IT professionals spend less than half of their time at work optimising their networks and beefing it up against future security threats."
Three access management trends making waves in APAC
Consumer identity proofing, authentication, and authorisation will top the $37 billion value mark by 2023.