View Original Article

Good morning! Except if you’re a hosted Microsoft customer who’s locked out of your account right now.

Microsoft’s cloud-based multi-factor authentication services went down across the globe early Monday morning, preventing users who are required to sign in using a second layer of authentication to their account, such as a text message, a push notification on their phone, or a hardware key. You hit the password page, and then you’re stuck — no code, no notification, nothing.

“Affected users may be unable to sign in,” said a notice on Office 365’s service health page, confirming the outage.

More than half a day later, the service is still struggling.

At the time of writing, Microsoft said it has deployed a hotfix to get the service up and running again, but will “continue to monitor any updates” for the next couple of hours. “We’ve received reports that users may no longer receive alerts, so we’re analyzing diagnostic logs to understand why,” the company added.

So far, there’s no clear reason for the outage. We’ve reached out to Microsoft for more, and will update when we hear back.

Multi-factor authentication adds a significantly greater layer of protection on an email account than just a password. But, as a crucial mechanism for users to log in, it’s also a single point of failure if the system breaks.

A system so secure that even its users can’t log in. Who knew?