I've read multiple news articles that claim Hotmail offers two-factor authentication. One of the articles describes Hotmail's system, saying:
"…whenever you go to Hotmail…you can choose to get a single-use code–a string of numbers that will be sent via text message to your phone–to use instead of your password."
- Is this an accurate description of Hotmail's system?
- If so, does Hotmail really offer two-factor authentication? If you can use either your password or a single-use code, it seems to me that it does not.
- Is this system really more secure than just having a password? Doesn't this just make an additional "key" available to a hacker? (I must be wrong here; I know the folks at Microsoft are much smarter than I am.)
Best Answer
Well, your second article merely references the first, so only one article is really spreading the idea.
Hotmail doesn't have a two-factor system. As you suggest, you actually have the option of having a single-use code sent to your phone to use on a public computer to log in instead of a password. So in effect it is still single sign-on, but you have a choice of two ways for that way to be.
Using the code is more secure in the sense that a keylogger or packet sniffer on the computer will only get a single-use code that has been used, as opposed to your password. If you have HTTPS enabled (which I believe is the default now) then there is also little opportunity for session hijacking as well. Just don't forget to log off!
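An added example, not part of the original answer and not Hotmail's actual code: a toy Python model contrasting the password-or-code login described above with a password-and-code (two-factor) login. The `Account` class, its method names and the 300-second code lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300  # assumed lifetime of a texted code, in seconds


class Account:
    """Toy account model (hypothetical; not Hotmail's implementation)."""

    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._code = None  # (code, expiry) of the outstanding single-use code

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def check_password(self, password):
        return hmac.compare_digest(self._hash(password), self._pw_hash)

    def issue_code(self, now=None):
        """Generate the code that would be texted to the owner's phone."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**8):08d}"
        self._code = (code, now + CODE_TTL)
        return code

    def consume_code(self, code, now=None):
        """Accept a code at most once, and only before it expires."""
        now = time.time() if now is None else now
        pending, self._code = self._code, None  # burn it on any attempt
        if pending is None:
            return False
        return now <= pending[1] and hmac.compare_digest(code, pending[0])

    def login_either(self, password=None, code=None):
        """Model described on this page: password OR single-use code."""
        if code is not None:
            return self.consume_code(code)
        return password is not None and self.check_password(password)

    def login_both(self, password, code):
        """Two-factor model: password AND single-use code."""
        ok_pw = self.check_password(password)
        ok_code = self.consume_code(code)
        return ok_pw and ok_code
```

A replayed code is rejected in both models, but with `login_either` a password captured on another occasion still opens the account on its own, which is why the either/or scheme counts as a single factor.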