Multi-factor failure locks out Microsoft Office 365 and Azure users

It’s supposed to keep criminals out of your account, not you.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Multi-factor failure locks out Microsoft Office 365 and Azure users

Users of Microsoft Azure and Office 365 are struggling to access their accounts today, due to a multi-factor authentication malfunction.

On the service status pages for Azure and Office 365. Microsoft confirms that affected users may find themselves unable to login or reset their passwords.

Multi-factor failure locks out Microsoft Office and Azure users

Sign up to our free newsletter.
Security news, advice, and tips.

Multi-factor authentication (often referred to as two-factor authentication or 2FA) is, of course, a technology designed to add an additional layer of security to your online accounts. I strongly recommend you enable it for your Microsoft accounts, and any other online accounts where it is available.

It’s supposed to keep out people who might have guessed or stolen your password. It’s not supposed to prevent *you* from accessing your account.

It would be ironic if the very people who were more sloppy about their online security (and thus hadn’t enabled multi-factor authentication on their Office 365 accounts were the ones who found it easier to get on with their work – while the security-conscious were left locked out.

Microsoft says that the situation has now improved, with some users able to login – but that’s going to be little consolation for those businesses who continue to find themselves locked out of their cloud-based services, and are losing money minute-by-minute.

Read more about two-step verification:


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Multi-factor failure locks out Microsoft Office 365 and Azure users”

  1. Skollob

    It is why I would never take up any of these 'on-demand' software solutions if they were used in any critical situation. Who managed to convince hard-headed businessmen that a wordprocessor or a spreadsheet, especially a database should exist halfway on around the world and that you would have to ask before using it and could be told, "No" whenever the company that sold it to you decided not to let you have access or couldn't? Moreover, you are then at the mercy of the weakest link in THEIR chain – an IT operative fails to protect the firm's servers and then it is, "We apologise." and you are screwed.

    As for 2FA, well the people who came up with it are clearly far too rich and gentrified. Firstly, I have to have a mobile phone – HAVE TO. What if I can't afford one? Don't want one? There is no signal? The battery is flat? Forgot my phone. Toileted it just now. 2FA is a pain in the butt (pun intended) and I spent around an hour with Apple tech turning the damn thing off on my iOS devices.

    I find this world baffling.

    I use a password manager (locally, on my PC – I'm not trusting those companies in the cloud with my passwords!) that can remind me to change them regularly, but TBH, I've never had that issue, because I regard a 'low' security password to be 16 characters – always have done.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.