Microsoft’s online Office 365 service has added a new layer of protection to users of the online document-editing service, with two-factor authentication being rolled out to versions of Office 365 from business plans to some standalone single-user plans, according to The Register’s report.
“This will allow organizations with these subscriptions to enable multi-factor authentication for their Office 365 users without requiring any additional purchase or subscription,” said Paul Andrew, technical product manager on Microsoft’s Office 365 team in a blog post.
The company also plans to add ‘App Passwords’ to individual Office desktop applications, allowing businesses to set a 16-character password to access individual applications such as Word and Excel, according to Neowin’s report. Microsoft plans to roll out multi-factor authentication for these apps later in the year.
“Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password,” Andrew said in his blog post. “With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.”
Businesses can enroll large numbers of users for the service at once – when the users log in, they are given a choice of using phone calls, texts or one-time codes delivered via smartphone app to secure their account.
“After a user is enabled for multi-factor authentication, they will be required to configure their second factor of authentication at their next login. Each subsequent login is enforced and will require use of the password and phone acknowledgement,” Andrew said.
Previously, the option to use extra security had been limited to administrators. The Register’s Shaun Nichols commented, “The enabling of two-factor authentication should be a basic security feature at this point, rather than a premium option or high-profile addition. With tricks ranging from keyloggers and phishing messages to brute-force password guessing, attackers are more than up to stealing account passwords from users. The addition of two-factor authentication, while not perfect, goes a long way toward protecting the vast majority of users from account theft.”
Author Rob Waugh, We Live Security