This article gives an in-depth knowledge of how you can set up two-factor authentication for your Microsoft account and manage it to make it more secure, and how you can recover it if you ever forgot your password.
What is Two-Factor Authentication
Two-factor authentication protects your online account(s) with an additional security layer, which you can bypass. It requires you to pass a verification exam, which only you can do, and only then will it log in to your account. This verification method is accomplished with 2 basic things: a password and something you have (such as your phone).
What is Two-Factor Authentication How to Set Up Two-Factor Authentication on Microsoft Account How to Add Security Information for Two-Factor Authentication Turn on Two-Factor Authentication on Microsoft Account Set Up Microsoft Authenticator App Password for Two-Factor Authentication Set Up App Password for Two-Factor Authentication Remove App Password for Two-Factor Authentication How to Change Security Information for Two-Factor Authentication How to Disable Two-Factor Authentication on Microsoft Account Final Thoughts
For instance, if you are logging in to your Microsoft account with 2FA enabled, Microsoft will ask you for an additional security response by either sending you a text on your number or an email on your alternative email address with a one-time code or authenticating it through a dedicated app (Microsoft Authenticator) on your phone. Usually, two-factor authentication for a Microsoft account requires two forms of authentication methods. However, it is recommended that you have three (in case you lose one method, like losing your phone). This additional form of authentication is also helpful in recovering your account in case you are locked out or forget your password.
How to Set Up Two-Factor Authentication on Microsoft Account
To configure 2FA for a Microsoft account, you will need an additional verification method to log into your account, other than a password every time. This additional method can be used in the following forms:
A notification through the Authenticator app.A verification code generated through the Authenticator app.A verification code received via text message on your phone number.Verficiation through a phone call.A verification code received via email on an alternative email address.
You can choose which method you would prefer. The method to change your verification preference has been discussed further in this article. Before you can set up two-factor authentication for your Microsoft account, you must first provide details of alternative methods that Microsoft can contact you.
How to Add Security Information for Two-Factor Authentication
If you have not already added a phone number or an alternative email address to your Microsoft account, follow the steps below to do so now: Once done, you will now have both a phone number and an alternative email address to be used for two-factor authentication. Let us now proceed with setting up two-factor authentication.
Turn on Two-Factor Authentication on Microsoft Account
Now that the security information has been added, it is time to complete the process of turning on two-factor authentication. You have now successfully switched on two-factor authentication. If you or anyone else signs in from an unrecognized device, they will be asked to provide a secondary verification mode.
Set Up Microsoft Authenticator
Microsoft Authenticator is an application developed for Android and iOS that can be used for two-factor authentication. Once configured, the app will prompt for verification on your phone. Note that this requires two-factor authentication to be enabled from your Microsoft account as performed above. Perform the steps below on your phone to configure the Microsoft Authenticator: Now when you sign in to your Microsoft account, you will be asked to click on a specific number from the Authenticator app on your phone. If it is you who is logging in, select the corresponding number and click Approve. If you have the Authenticator app installed, it automatically gives preferences over other two-factor authentication methods. If you do not have the app with you, click I don’t have access to my Microsoft Authenticator app and proceed to the remaining two-factor authentication methods.
App Password for Two-Factor Authentication
If you have configured two-factor authentication for your Microsoft account, it may be possible that some applications that need to access your account (such as Microsoft Outlook) may no longer be able to do so. In that case, you need to configure an app password, using which the application (outlook, etc.) can communicate with your account.
Set Up App Password for Two-Factor Authentication
Note: Two-factor authentication needs to be enabled to set up an app password. Follow the steps below to generate a password and use it in an application: Once the password has been entered, the app can communicate with your Microsoft account. To learn how to use this password with an app, read this Microsoft guide. Remember that you need to create a new app password for each app since one password cannot be used for more than one app.
Remove App Password for Two-Factor Authentication
If you are no longer using the app with the account with 2FA, here is how you can remove the app passwords: The app passwords will be removed. However, some apps may now become dysfunctional with two-factor authentication enabled.
How to Change Security Information for Two-Factor Authentication
It may be possible that you have changed your phone number, lost your phone, or simply want to change the alternative email you have configured for two-factor authentication on your Microsoft account. In that case, you can add a new phone number or email address using the same method given in “How to Add Security Information for Two-Factor Authentication” above. Once done, you can now safely remove your old information by expanding the relevant option on the Advanced security options page and then clicking Remove. When asked for a confirmation, click Remove again. Your security information will now be removed.
How to Disable Two-Factor Authentication on Microsoft Account
Many users find it frustrating to verify your login via two-factor authentication every time you sign in to a new device. If you believe your account is secure otherwise, you can disable this authentication method using the following steps: Two-factor authentication will now be disabled. However, Microsoft will still use your phone number and alternative email address to send codes when it detects a security risk. Furthermore, if two-factor authentication is disabled, you will also need to remove app passwords from the applications that you previously configured (if any).
Final Thoughts
Two-factor authentication helps you keep your account secure. Anything linked to your Microsoft account will also become more secure if it is enabled. For this reason, we recommend that you enable 2FA on all digital accounts, so that you can make them more secure.