Users of Microsoft Azure and Office 365 are struggling to access their accounts today, due to a multi-factor authentication malfunction.
On the service status pages for Azure and Office 365. Microsoft confirms that affected users may find themselves unable to login or reset their passwords.
Multi-factor authentication (often referred to as two-factor authentication or 2FA) is, of course, a technology designed to add an additional layer of security to your online accounts. I strongly recommend you enable it for your Microsoft accounts, and any other online accounts where it is available.
It’s supposed to keep out people who might have guessed or stolen your password. It’s not supposed to prevent *you* from accessing your account.
It would be ironic if the very people who were more sloppy about their online security (and thus hadn’t enabled multi-factor authentication on their Office 365 accounts were the ones who found it easier to get on with their work – while the security-conscious were left locked out.
Microsoft says that the situation has now improved, with some users able to login – but that’s going to be little consolation for those businesses who continue to find themselves locked out of their cloud-based services, and are losing money minute-by-minute.
Read more about two-step verification:
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
One comment on “Multi-factor failure locks out Microsoft Office 365 and Azure users”
It is why I would never take up any of these 'on-demand' software solutions if they were used in any critical situation. Who managed to convince hard-headed businessmen that a wordprocessor or a spreadsheet, especially a database should exist halfway on around the world and that you would have to ask before using it and could be told, "No" whenever the company that sold it to you decided not to let you have access or couldn't? Moreover, you are then at the mercy of the weakest link in THEIR chain – an IT operative fails to protect the firm's servers and then it is, "We apologise." and you are screwed.
As for 2FA, well the people who came up with it are clearly far too rich and gentrified. Firstly, I have to have a mobile phone – HAVE TO. What if I can't afford one? Don't want one? There is no signal? The battery is flat? Forgot my phone. Toileted it just now. 2FA is a pain in the butt (pun intended) and I spent around an hour with Apple tech turning the damn thing off on my iOS devices.
I find this world baffling.
I use a password manager (locally, on my PC – I'm not trusting those companies in the cloud with my passwords!) that can remind me to change them regularly, but TBH, I've never had that issue, because I regard a 'low' security password to be 16 characters – always have done.