As every day goes by more and more organizations of all sizes are using Office 365. Meanwhile, either in or outside of the work place, most of us use two factor authentication at one time or another to prove who we are to financial institutions, intranets, or other online services. Using a second authentication factor to prove your identity enables greater security than accessing services via only a first factor: a username and password combination. Organizations typically secure access to particularly sensitive information and resources by using a special code as the second factor, such as the one on the token below.
I’m excited to bring you something new! Busineses can use RSA SecurID technology to authenticate to Office 365, and the new white paper, Securing Access to the Office 365 Cloud with Two Factor Authentication is available for download. It is for people learning about the suite, and for those about to adopt the solution. The paper helps them to select an approach to user authentication, guides them through basic planning and deployment steps for two factor authentication, and provides additional resources.
$60 a pop for something easier to lose than chapstick...
"The RSA SecurID breach began with a malicious email titled "2011 Recruitment Plan" and contained a malicious Microsoft Excel attachment."
Why not open up Office 365 to other, non-early 2000's two-factor authentication technologies?
@Ian Ray: Microsoft CVP of Trustworthy Computing, Scott Charney, delivered a keynote at the RSA Conference. The keynote and his blog (http://bit.ly/xqGk7j) demonstrate the breadth of security and threat topics Microsoft works in currently.
Also, in our new user authentication white paper you’ll find “From a technical standpoint, there are a wide variety of feasible, two factor authentication methods for Office 365. ... As business partners and customers test, verify and gain experience with how these technologies interoperate and work within organizations, Microsoft may begin to recommend both RSA SecurID and other two factor authentication technologies to Office 365 customers.” See the last section of the paper for other info.
Thanks again for the information Tony.
I found Okta supports Office 365 in some way. I was not aware of this. Okta already provides SMS softcodes and security questions (three-factor authentication?).
I have used Okta before and found it very good for integrating Windows login for SSO to web services. The only reason I did not adopt it was because of the cost per month.
We should be looking at www.telesign.com
@Lance: Thank you for the recommendation.
Can you add an option for SMS two-factor authentication for all Office365 customers?
Please add an option for two-factor authentication using SMS like Google Mail offers. You can see a write up on the blog post at www.codinghorror.com/.../make-your-email-hacker-proof.html on how Google Mail does this.
@Luke: I appreciate this input and suggest reaching out to the Office 365 Technical Blog (http://bit.ly/eLdkDk) which includes the most current information on the service and its integration. Also, I see that SMS authentication for Office 365 is becoming available in the marketplace (http://bit.ly/eRYWs5).
Microsoft really needs to provide the regular two-factor authentication that it does for Hotmail users using the standard mobile authenticator apps for cloud-only Office 365 users who don't have federation. The current Office 365 2FA is utterly useless and 99.99% of customers don't use it.