Microsoft has announced that it has acquired PhoneFactor, which is a suite of phone-based multi-factor authentication (MFA) methods to secure account logins and financial transactions. Moreover, it also protects data in SharePoint and file servers including enhancing the security of applications running in the cloud.
PhoneFactor makes use of user's existing phone and provides several layers of authentication as described below
- PhoneFactor calls the user who simply answers and presses # on the phone keypad
- PhoneFactor sends the user a text message containing a passcode. The user replies to the text message with the passcode.
- PhoneFactor pushes a notification to the appropriate application on the user's smartphone or tablet, which the user responds by tapping "Authenticate".
- PhoneFactor prompts users to speak a short passphrase during the authentication call, which they call as voiceprint.
The above mentioned authentication process is completely out-of-band, which protects against malware installed on your computer. In addition to securing user logins, PhoneFactor can prevent fraudulent funds transfers and payments by verifying transactions through a similar out-of-band process.
PhoneFactor already works with many Microsoft products and services, including Outlook Web Access and Internet Information Services, and interoperates with Active Directory. Microsoft has plans to integrate PhoneFactor with key Microsoft technologies such as Windows Azure Active Directory and Office 365 in the upcoming future.
In addition to a robust authentication platform, PhoneFactor also provides centralized user management, automated enrolment, user self-service, and extensive reporting capabilities.