Multi-factor failure locks out Microsoft Office 365 and Azure users

It's supposed to keep criminals out of your account, not you.

Multi-factor failure locks out Microsoft Office 365 and Azure users

Users of Microsoft Azure and Office 365 are struggling to access their accounts today, due to a multi-factor authentication malfunction.

On the service status pages for Azure and Office 365. Microsoft confirms that affected users may find themselves unable to login or reset their passwords.

Multi-factor failure locks out Microsoft Office and Azure users

Multi-factor authentication (often referred to as two-factor authentication or 2FA) is, of course, a technology designed to add an additional layer of security to your online accounts. I strongly recommend you enable it for your Microsoft accounts, and any other online accounts where it is available.

It’s supposed to keep out people who might have guessed or stolen your password. It’s not supposed to prevent *you* from accessing your account.

It would be ironic if the very people who were more sloppy about their online security (and thus hadn’t enabled multi-factor authentication on their Office 365 accounts were the ones who found it easier to get on with their work - while the security-conscious were left locked out.

Microsoft says that the situation has now improved, with some users able to login - but that’s going to be little consolation for those businesses who continue to find themselves locked out of their cloud-based services, and are losing money minute-by-minute.

Tags: , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

One Response

  1. Skollob

    November 21, 2018 at 8:20 pm #

    It is why I would never take up any of these ‘on-demand’ software solutions if they were used in any critical situation. Who managed to convince hard-headed businessmen that a wordprocessor or a spreadsheet, especially a database should exist halfway on around the world and that you would have to ask before using it and could be told, “No” whenever the company that sold it to you decided not to let you have access or couldn’t? Moreover, you are then at the mercy of the weakest link in THEIR chain - an IT operative fails to protect the firm’s servers and then it is, “We apologise.” and you are screwed.

    As for 2FA, well the people who came up with it are clearly far too rich and gentrified. Firstly, I have to have a mobile phone - HAVE TO. What if I can’t afford one? Don’t want one? There is no signal? The battery is flat? Forgot my phone. Toileted it just now. 2FA is a pain in the butt (pun intended) and I spent around an hour with Apple tech turning the damn thing off on my iOS devices.

    I find this world baffling.

    I use a password manager (locally, on my PC - I’m not trusting those companies in the cloud with my passwords!) that can remind me to change them regularly, but TBH, I’ve never had that issue, because I regard a ‘low’ security password to be 16 characters - always have done.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.