Microsoft’s Outlook app may now be used to sign in to Microsoft accounts and services. How useful is the new functionality?
Sign ins to accounts on the Web or locally on devices are still a major nuisance for users. If you follow security guidelines, you pick a secure unique password for each service, and preferably, enable two-factor authentication as well.
Passkeys promise an improvement, but most Internet services and operating systems do not support this yet fully.
Microsoft has now enabled authentication functionality in its Outlook app to improve the login flow and make it more secure for certain setups. Classic two-factor authentication options such as text messaging are insecure, as the code is submitted in clear text.
Using the Outlook app for authentication
The main idea here is to use Outlook to verify the sign in. It works similarly to Authenticator apps, including Microsoft Authenticator.
Here is the entire process:
- You submit your username and password to sign in to your Microsoft account. This can be in Microsoft 365, OneDrive, Teams, or even Microsoft Windows.
- Microsoft displays a number on the next screen and prompts you to check your Outlook app.
- You need to tap on the right number, out of three presented to you, in the Outlook app.
- You then need to allow this using biometric or PIN verification.
Why is Microsoft introducing the functionality?
Microsoft Authenticator offers this functionality already. Why then is Microsoft introducing it in Outlook? Microsoft does not say in the official announcement.
The most likely reason is reach. Microsoft Authenticator has over 100 million downloads on Google Play, which is impressive for such an app. Microsoft Outlook, however, has over 1 billion downloads on Google Play alone. While a good portion of these downloads are not active, it is still likely that the Outlook app has a bigger reach than the Authenticator app.
Microsoft can reach ten times as many users in Outlook. To make things even simpler, the company is enabling the new functionality automatically in the latest Outlook app.
Microsoft says:
This sign-in verification functionality will be automatically enabled when you use the latest version of the Outlook app.
In other words, if you use the Outlook app on Android, it sounds as if you have two factor authentication enabled automatically for your account. I have the app installed, but cannot verify this at this point because of Microsoft’s rollout of the feature.
There is a chance that this functionality becomes available only to users who have two-factor authentication enabled already for their accounts. This would improve the process, if they use weaker verification options, such as text messages.
Closing Words
Microsoft’s Authenticator app offers advantages over the Outlook implementation. Microsoft notes that users of the Authenticator app can continue using it. The app supports adding different accounts as well, while the Outlook app is limited to securing Microsoft accounts.
Microsoft says that the functionality is rolling out to all Android users. An iOS update is in development already and will be launched in the future.
Do you use two-factor authentication to improve account security?