Yesterday Twitter and Microsoft added multifactor authentication, which is a good thing for the security of users. Microsoft has used the Internet Engineering Task Force (IETF)’s RFC-6238 time-based one-time password algorithm, which is also a good thing. I’m not sure what method Twitter chose.
Two-factor authentication, in addition to requiring a traditional static password, requires a time-sensitive password to authenticate a user. This may be delivered via a cellphone. With RFC-6238, new time-sensitive passwords are created every 30 seconds.
The beauty of RFC-6238 is that it’s a standard that’s well-documented and tested. Google already uses RFC-6238, so you can use Google Authenticator for Android to log into your Microsoft Accounts, and vice versa. Because they also use RFC-6238, you can use Google Authenticator to log into Dropbox, Facebook, Bitcoin, WordPress, et al.
Let’s hope that more websites that store our data hop aboard the RFC-6238 multifactor authentication train.
Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695