Microsoft has bought multi-factor authentication specialist PhoneFactor with the goal of integrating the company's technology into its cloud services and on-premises applications.
PhoneFactor, based in Kansas, sells phone-based multi-factor authentication products for enterprises. Its technology was designed to work with both Microsoft enterprise products and with platforms from other vendors.
"Following this acquisition, Microsoft plans to further integrate PhoneFactor's technology into its Active Directory, Windows Azure Active Directory and Office 365 products," Bharat Shah, corporate vice president with Microsoft's Server and Tools division, said yesterday.
For the time being PhoneFactor will continue to sell its products as a standalone service with existing pricing and contracts. However, in the future, the company's products will be transitioned to Microsoft's Volume Licensing contracts.
Existing PhoneFactor customers will continue to be supported and the company will remain open for business, PhoneFactor's CEO Timothy Sutton said.
PhoneFactor's technology will also continue to work with non-Microsoft products and the company's existing partners will be able to continue to resell its products.
The use of multi-factor authentication for access to enterprise services and applications can prevent data breaches if user passwords are compromised.
This is because multi-factor authentication requires users to combine something they know, like their passwords, with something they own, like a special hardware device. With PhoneFactor's technology that device is the user's mobile phone or tablet.
The company offers three methods of phone-based authentication: calling users and waiting for them to answer and press the "#" key; texting users a passcode and waiting for them to send it back via SMS; or pushing an authentication request to an app installed on the users' phone and waiting for them to hit the "Authenticate" button.
Optionally the company also offers the possibility of using voiceprints in order to verify that the phone is actually in the user's possession. When this option enabled, the user also needs to speak a short phrase when called during the authentication process.
In recent years multi-factor authentication has been implemented into many online services. Google, Facebook, Yahoo Mail, LastPass and Dropbox are just some of the websites that offer it as an option for increased account security.
Microsoft has not adopted the technology for its new Outlook.com webmail service yet, but it requires it by default on billing.microsoft.com or xbox.com when users buy points.