People are starting to become more conscious of how fragile their easy-to-remember passwords are, but that doesn’t mean they’re actively taking steps to protect their precious online accounts. To ease the process of securing accounts, logging into them and entering passwords, Microsoft released a new app on Android called Microsoft Account that, to be brutally honest, is simply a Microsoft-centric version of Google Authenticator.
Like Google’s app and security system, Microsoft Account is a form of two-step authentication, though it practically replaces it. In a usual two-step system, users will be required to wait for some security code that will be sent to their mobile or email when logging into some accounts. This ensures that only the real owner of the account, who presumably also owns or has the linked smartphone, can log into it. Of course, if someone has physical access to your phone in addition to your password, then all bets are off.
While Google Authenticator relies on a similar code-based system, Microsoft Account is kind of the lazy way out. All you need to do, when receiving a notification to authenticate, is to tap on the Approve button and nothing more. It also works even if you have enabled two-step authentication for the account, bypassing the need to enter a code. It works, according to Microsoft, even if the device is offline, because it can also generate security codes in that case. The single tap feature is definitely a huge convenience, but one wonders about the strength of its security.
There is one other major difference between Google Authenticator and Microsoft Account. While the former can be used for both Google’s own services as well as third-party logins, like Evernote, Dropbox, and, quite amusingly, Microsoft accounts, Microsoft’s app only works for Microsoft accounts. But even then it doesn’t work for everything. Windows Azure users will have to use a separate app if they want to use the cloud platform’s Multi-Factor Authentication.
Download: Microsoft Account on Google Play Store