Multi-factor failure locks out Microsoft Office 365 and Azure users

Graham Cluley

No entry thumb

Multi-factor failure locks out Microsoft Office 365 and Azure users

Users of Microsoft Azure and Office 365 are struggling to access their accounts today, due to a multi-factor authentication malfunction.

On the service status pages for Azure and Office 365. Microsoft confirms that affected users may find themselves unable to login or reset their passwords.

Multi-factor failure locks out Microsoft Office and Azure users

Multi-factor authentication (often referred to as two-factor authentication or 2FA) is, of course, a technology designed to add an additional layer of security to your online accounts. I strongly recommend you enable it for your Microsoft accounts, and any other online accounts where it is available.

It’s supposed to keep out people who might have guessed or stolen your password. It’s not supposed to prevent *you* from accessing your account.

It would be ironic if the very people who were more sloppy about their online security (and thus hadn’t enabled multi-factor authentication on their Office 365 accounts were the ones who found it easier to get on with their work – while the security-conscious were left locked out.

Microsoft says that the situation has now improved, with some users able to login – but that’s going to be little consolation for those businesses who continue to find themselves locked out of their cloud-based services, and are losing money minute-by-minute.

Read more about two-step verification:

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Multi-factor failure locks out Microsoft Office 365 and Azure users”

  1. It is why I would never take up any of these 'on-demand' software solutions if they were used in any critical situation. Who managed to convince hard-headed businessmen that a wordprocessor or a spreadsheet, especially a database should exist halfway on around the world and that you would have to ask before using it and could be told, "No" whenever the company that sold it to you decided not to let you have access or couldn't? Moreover, you are then at the mercy of the weakest link in THEIR chain – an IT operative fails to protect the firm's servers and then it is, "We apologise." and you are screwed.

    As for 2FA, well the people who came up with it are clearly far too rich and gentrified. Firstly, I have to have a mobile phone – HAVE TO. What if I can't afford one? Don't want one? There is no signal? The battery is flat? Forgot my phone. Toileted it just now. 2FA is a pain in the butt (pun intended) and I spent around an hour with Apple tech turning the damn thing off on my iOS devices.

    I find this world baffling.

    I use a password manager (locally, on my PC – I'm not trusting those companies in the cloud with my passwords!) that can remind me to change them regularly, but TBH, I've never had that issue, because I regard a 'low' security password to be 16 characters – always have done.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.




Stay informed!

Join thousands of others by signing-up for the free “GCHQ” newsletter, containing the latest news and tips from security expert Graham Cluley.

Name:

Email:

Yes, I would like to subscribe to email updates from Graham Cluley. I know it’s easy to unsubscribe if I ever change my mind.