Microsoft has acquired PhoneFactor, a service which provides an additional layer of security during the authentication process, which today typically involves just a username and password (aka single-factor authentication). With PhoneFactor, as its name implies, the additional step it offers involves using a phone to further authenticate users upon sign in via a phone call, text, or mobile app, TechCrunch reports.
The first method calls users on their pre-registered mobile phone asking them to confirm their login attempt, which they then do by pressing the pound (#) key on their handset. Another method has users respond to an SMS text message with a passcode. A third solution involves PhoneFactor’s mobile app, which uses a push notification mechanism that prompts users to tap “Authenticate” within the application.
Multi-factor authentication is mainly a concern in business and enterprise environments, where it’s critical that sensitive information is protected. The process typically involves something you know (like your password) and something you possess. This latter item is often a smartcard, which some users find confusing to deal with and can be hard to keep up with. Mobile phones, on the other hand, are almost always by our sides.
PhoneFactor sells both a web version and an SDK, and supports a number of enterprise integrations, including many which integrate with Microsoft technologies, like Active Directory, Windows Azure Active Directory, Office 365, IIS, Outlook Web Access, SharePoint, and more. It works both on-premise and in the cloud, and it because it ties right into Active Directory, it’s fairly straightforward for I.T. admins to install and support. The company also offered a number of free solutions for smaller companies, supporting up to 25 users and 500 authentications per month.
Microsoft announced the acquisition via blog post (terms were not disclosed), and says that going forward, it will integrate PhoneFactor’s technology deeper into its own technologies, like those listed above.
PhoneFactor was founded in 2001, and is used in thousands of organizations spanning government, healthcare, banking, and other enterprise and website applications. The company’s solution secures millions of logins and online transactions per year.