Two-factor authentication (also known as “2FA,” “two-step verification” and “multi-factor authentication”) is an additional security layer for your online accounts that allows you to log in only once you have passed the verification test. This protocol prevents unauthorized users from logging into your account, even if your password has been compromised.
This article gives an in-depth knowledge of how you can set up two-factor authentication for your Microsoft account and manage it to make it more secure, and how you can recover it if you ever forgot your password.
Table of Contents
What is Two-Factor Authentication
Two-factor authentication protects your online account(s) with an additional security layer, which you can bypass. It requires you to pass a verification exam, which only you can do, and only then will it log in to your account. This verification method is accomplished with 2 basic things: a password and something you have (such as your phone).
For instance, if you are logging in to your Microsoft account with 2FA enabled, Microsoft will ask you for an additional security response by either sending you a text on your number or an email on your alternative email address with a one-time code or authenticating it through a dedicated app (Microsoft Authenticator) on your phone.
Usually, two-factor authentication for a Microsoft account requires two forms of authentication methods. However, it is recommended that you have three (in case you lose one method, like losing your phone). This additional form of authentication is also helpful in recovering your account in case you are locked out or forget your password.
How to Set Up Two-Factor Authentication on Microsoft Account
To configure 2FA for a Microsoft account, you will need an additional verification method to log into your account, other than a password every time. This additional method can be used in the following forms:
- A notification through the Authenticator app.
- A verification code generated through the Authenticator app.
- A verification code received via text message on your phone number.
- Verficiation through a phone call.
- A verification code received via email on an alternative email address.
You can choose which method you would prefer. The method to change your verification preference has been discussed further in this article. Before you can set up two-factor authentication for your Microsoft account, you must first provide details of alternative methods that Microsoft can contact you.
How to Add Security Information for Two-Factor Authentication
If you have not already added a phone number or an alternative email address to your Microsoft account, follow the steps below to do so now:
- Begin by logging into your Microsoft account using this link, click Sign in, and enter your credentials.
- Once logged in, click Security from the top menu.
- On the Security page, click Advanced security options.
- Now click Add a new way to sign in or verify.
- Now select the verification option from the popup. Clicking “Email a code” will ask for an alternative email address, and clicking “Text a code” will ask for a phone number.
- On the next screen, provide either an alternative email address or phone number (depending upon your choice in step 5), and then click Next.
- You will now receive a code in the selected option. Enter that code and click Next.
- Now repeat steps 4 through 7 and add the secondary way to sign in or verify.
Once done, you will now have both a phone number and an alternative email address to be used for two-factor authentication.
Let us now proceed with setting up two-factor authentication.
Turn on Two-Factor Authentication on Microsoft Account
Now that the security information has been added, it is time to complete the process of turning on two-factor authentication.
- From the Security tab, click Advanced security options.
- Under Additional security, click Turn on for “Two-step verification.”
- On the next screen, click Next.
- You will now be asked to set up Microsoft Authenticator app for two-factor authentication. You can either choose to Cancel this option since verification through the app is discussed in another section of the post, or click Get it now.
- You will now be asked to create an app password, as some applications do not support verification codes. This section has been converted further down in this post. Click Next.
- Now click Finish.
You have now successfully switched on two-factor authentication. If you or anyone else signs in from an unrecognized device, they will be asked to provide a secondary verification mode.
Set Up Microsoft Authenticator
Microsoft Authenticator is an application developed for Android and iOS that can be used for two-factor authentication. Once configured, the app will prompt for verification on your phone. Note that this requires two-factor authentication to be enabled from your Microsoft account as performed above.
Perform the steps below on your phone to configure the Microsoft Authenticator:
- Click on either of the links below to install the app on your phone.
- Microsoft Authenticator for Android
- Microsoft Authenticator for iOS
- Now run the app, agree to the terms and conditions, and then sign into your Microsoft account.
- You can now close the app.
Now when you sign in to your Microsoft account, you will be asked to click on a specific number from the Authenticator app on your phone. If it is you who is logging in, select the corresponding number and click Approve.
If you have the Authenticator app installed, it automatically gives preferences over other two-factor authentication methods. If you do not have the app with you, click I don’t have access to my Microsoft Authenticator app and proceed to the remaining two-factor authentication methods.
App Password for Two-Factor Authentication
If you have configured two-factor authentication for your Microsoft account, it may be possible that some applications that need to access your account (such as Microsoft Outlook) may no longer be able to do so. In that case, you need to configure an app password, using which the application (outlook, etc.) can communicate with your account.
Set Up App Password for Two-Factor Authentication
Note: Two-factor authentication needs to be enabled to set up an app password.
Follow the steps below to generate a password and use it in an application:
- Navigate to the following from within your Microsoft account:
Security >> Advanced security options - Now click Create a new app password under App passwords.
- You will now be shown an app password. Copy and paste it into the Password field of the app you want to work with two-factor authentication.
Once the password has been entered, the app can communicate with your Microsoft account. To learn how to use this password with an app, read this Microsoft guide.
Remember that you need to create a new app password for each app since one password cannot be used for more than one app.
Remove App Password for Two-Factor Authentication
If you are no longer using the app with the account with 2FA, here is how you can remove the app passwords:
- Navigate to the following from within your Microsoft account:
Security >> Advanced security options - Now click Remove existing app passwords under App passwords.
- From the confirmation prompt, click Remove.
The app passwords will be removed. However, some apps may now become dysfunctional with two-factor authentication enabled.
How to Change Security Information for Two-Factor Authentication
It may be possible that you have changed your phone number, lost your phone, or simply want to change the alternative email you have configured for two-factor authentication on your Microsoft account. In that case, you can add a new phone number or email address using the same method given in “How to Add Security Information for Two-Factor Authentication” above.
Once done, you can now safely remove your old information by expanding the relevant option on the Advanced security options page and then clicking Remove.
When asked for a confirmation, click Remove again. Your security information will now be removed.
How to Disable Two-Factor Authentication on Microsoft Account
Many users find it frustrating to verify your login via two-factor authentication every time you sign in to a new device. If you believe your account is secure otherwise, you can disable this authentication method using the following steps:
- Log into your Microsoft account using this link, click Sign in, and enter your credentials.
- Switch to the Security tab from the top menu.
- On the Security page, click Advanced security options.
- Scroll down and click Turn off under “Two-step verification.”
- From the confirmation prompt, click Yes.
Two-factor authentication will now be disabled. However, Microsoft will still use your phone number and alternative email address to send codes when it detects a security risk.
Furthermore, if two-factor authentication is disabled, you will also need to remove app passwords from the applications that you previously configured (if any).
Final Thoughts
Two-factor authentication helps you keep your account secure. Anything linked to your Microsoft account will also become more secure if it is enabled. For this reason, we recommend that you enable 2FA on all digital accounts, so that you can make them more secure.
