Microsoft wants to make sure that its customers don’t suffer the fate of Wired’s Mat Honan.Today they acquired a tiny 50-person company, PhoneFactor, that turns your cell phone into a password-verification device for an undisclosed sum.
Hackers nearly destroyed Honan’s digital life two months ago. On the hunt for a Twitter password, they got into his Amazon account, which helped them gain access to his Apple and Google accounts. They remotely erased all his data, even on his iPhone and Mac.
Honan admitted, “Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened.”
Two-factor authentication means that you need more than just a password to log in—you need something extra to verify your identity. A lot of these security schemes rely on your phone.
One example of two-factor authentication at work: After you type in a username and password, your phone is sent a code via text or an automated phone call. You have to enter that code when you sign in. So hackers can’t just know your password—they’d have to get your phone, too.
Google has a piece of software called Google Authenticator which generates these codes without needing to bother with a text or phone call.
PhoneFactor is an app that does similar things for enterprise apps. It already supported a bunch of Microsoft software, including email and Active Directory. (Active Directory is how enterprises keep track of employee passwords to Windows apps.)
Interestingly, it wasn’t the Windows Phone team that made this acquisition but the Server and Tools business unit. They are going to add PhoneFactor’s tech into Microsoft’s cloud apps like Windows Azure Active Directory, a Web-based implementation of Active Directory, and Office 365, an online version of Microsoft’s productivity-software suite.
PhoneFactor was founded by Tim Sutton in 2001. Sutton is best known for his years as president of Sprint’s broadband wireless business. Cofounder Steve Dispensa also hailed from Sprint.