Microsoft buys security vendor PhoneFactor
Microsoft plans to integrate PhoneFactor's ulti-factor authentication technology into its cloud services and on-premises applications
IDG News Service - Microsoft has bought multi-factor authentication specialist PhoneFactor with the goal of integrating the company's technology into its cloud services and on-premises applications.
PhoneFactor, based in Overland Park, Kan., sells phone-based multi-factor authentication products for enterprises. Its technology was designed to work with both Microsoft enterprise products and with platforms from other vendors.
"Following this acquisition, Microsoft plans to further integrate PhoneFactor's technology into its Active Directory, Windows Azure Active Directory and Office 365 products," Bharat Shah, corporate vice president with Microsoft's Server and Tools division, said Thursday in a blog post.
For the time being PhoneFactor will continue to sell its products as a standalone service with existing pricing and contracts. However, in the future, the company's products will be transitioned to Microsoft's Volume Licensing contracts.
Existing PhoneFactor customers will continue to be supported and the company will remain open for business, PhoneFactor's CEO Timothy Sutton said in a blog post.
PhoneFactor's technology will also continue to work with non-Microsoft products and the company's existing partners will be able to continue to resell its products, according to a FAQ page on the company's website.
The use of multi-factor authentication for access to enterprise services and applications can prevent data breaches if user passwords are compromised.
This is because multi-factor authentication requires users to combine something they know, like their passwords, with something they own, like a special hardware device. With PhoneFactor's technology that device is the user's mobile phone or tablet.
The company offers three methods of phone-based authentication: calling users and waiting for them to answer and press the "#" key; texting users a passcode and waiting for them to send it back via SMS; or pushing an authentication request to an app installed on the users' phone and waiting for them to hit the "Authenticate" button.
Optionally the company also offers the possibility of using voiceprints in order to verify that the phone is actually in the user's possession. When this option enabled, the user also needs to speak a short phrase when called during the authentication process.
In recent years multi-factor authentication has been implemented into many online services. Google, Facebook, Yahoo Mail, LastPass and Dropbox are just some of the websites that offer it as an option for increased account security.
Microsoft has not adopted the technology for its new Outlook.com webmail service yet, but it requires it by default on billing.microsoft.com or xbox.com when users buy points.
Microsoft didn't disclose financial details of the deal.
- The DDoS Threat Spectrum Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- How to Keep Company Assets Secure with Federated Identity and Access Management This Technology Spotlight discusses the growing need for security in today's cloud-based, mobile world of IT, and the rise of SaaS-based solutions.
- Security, Privacy and Trust in Email Management This white paper discusses a SaaS-based email management solution that delivers the security, continuity and archiving capabilities your organization demands.
- Unifying Secuirty Operations Agile enterprises know that the way to quickly identify and react to threats to the business is to break down operational siloes by...
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Application Security White Papers | Webcasts