How to Enable Two-Factor Authentication (2FA) on a Microsoft Account
Worried about your Microsoft account's security? Turn on two-factor authentication (2FA) to make your account logins more secure!
Once upon a time, most web services used single-factor authentication for security. Users only needed a username and a password to log in and access their accounts. However, in this new era of major data breaches and various security exploits, passwords have become an increasingly weak defense, forcing companies to adopt more secure and robust authentication factors.
Two-factor authentication (2FA), a form of multi-factor authentication, is currently the industry standard for account security. It adds a second layer of verification for signing into apps, websites, and other services. In this system, you need to both provide your password and prove your identity with a second factor, making it difficult for someone else to gain access to your account.
Using two-factor authentication is a must, given that most people tend to reuse passwords across multiple accounts and services. Even if a malicious individual manages to steal your password, it will be almost impossible for them to access your account without the second form of verification.
Tech giant Microsoft has recently integrated a new two-factor authentication system, dubbed “Two-Step Verification,” across all its services. Whether you have a Microsoft account for Office 365, OneDrive, or Xbox, you can take advantage of the Microsoft Authenticator app on your mobile device to enable two-step verification. Once set up, you will have to verify your identity by entering a temporary security code every time you log in.
Considering that two-step verification adds an extra security layer to your Microsoft account and protects it from unauthorized access, we highly recommend turning it on. This guide will walk you through the complete process step by step.
Enable two-step verification on your Microsoft account
To make it easier for you to follow, we have broken down the process to enable two-factor authentication on a Microsoft account into two steps. The first step requires you to set up the Microsoft Authenticator app on your phone. The second step will show you how to turn on the 2FA feature from your Microsoft account settings.
Set up Microsoft Authenticator on your phone
Before you add a second factor to your account security with two-step verification, you will have to begin by setting up the Microsoft Authenticator app on your Android or iOS device. The following steps outline the process to configure the app on an Android phone, but they also apply to iPhone and iPad devices.
- First, open the Play Store (App Store if you are on iOS) and search for the Microsoft Authenticator app.
- Tap Install and wait until the app finishes downloading and installing on your device.
- Go to your app drawer or home screen to launch the Authenticator app.
- Tap the button that says “I agree” to agree to Microsoft’s privacy statement.
- Next, tap the “Sign in with Microsoft” button on the following screen, and then proceed to sign in with your account credentials.
- Once you add your account, tap the “Got it” button.
That’s it! All that is left for you to do is turn on two-step verification on your Microsoft account.
Turn on two-step verification
Before you continue, make sure to update the security information of your Microsoft account. Having multiple contact methods on file will ensure you never get locked out of your account. More on that later.
For now, you can perform the following steps to turn on two-step verification on your Microsoft account:
- First, visit account.microsoft.com/account from your preferred web browser.
- Next, click the Sign In button and log in with your account credentials.
- Scroll to the bottom of the account settings page and click the Security tile.
- Now click the Two-step verification option on the page’s upper-right corner.
- After that, scroll down to the “Additional security” section, and click Turn on under the Two-step verification option.
- Click Next at the beginning of the two-step verification wizard.
- Optional Step: If you happen to use the Outlook app on your mobile device, follow the on-screen instructions to allow the app to sync your emails with an app password. Check out the later section for more information.
- Click the Next button to continue, then hit Finish to close the wizard.
From now on, when you (or someone else) try to sign in to your Microsoft account from an unknown device, you will get a prompt on your phone to confirm your identity.
Add security info for two-step verification
Once you enable two-step verification, you will need to go through a second form of authentication to log in to your Microsoft account. Even if you forget your password, you will have other contact methods to get access to your account.
As we previously mentioned, it’s crucial to have other security information added to your Microsoft account before you enable two-step verification. This can be either a phone number or an alternate email address. Here’s what you need to do:
- Head over to account.microsoft.com/account from your preferred web browser, and sign in with your credentials.
- Now go to the Security menu and click the Advanced security options tile.
- Next, click the Add a new way to sign in or verify option under the “Ways to prove who you are” section.
- After that, select your preferred verification option. For example, we will go with the “Email a code” option here, but you may choose something else.
- Confirm your alternate email address and click Next. Microsoft will send a security code to your alternate email address.
- Enter the code on the Microsoft account page and click Next again.
This is how you can have additional security info added to your Microsoft account. With two-step verification enabled, you can get the security code using the alternative contact methods.
Create an app password for two-step verification
If you use an app or device that doesn’t have two-step verification support, you will have to use an app password. Here’s how to create one for your Microsoft account:
- Go to the Microsoft Account page from your web browser and log in with your account details.
- Next, head over to the Security menu, then click Advanced security options.
- Scroll down to the “App passwords” section and click Create a new app password.
- Now enter the generated password on the app or device that doesn’t support two-factor authentication, then click Done.
If you wish to delete your app passwords, all you have to do is go back to the Security > Advanced security options menu, scroll down to the “App passwords” section, and click Remove existing app passwords. After that, click the Remove button next to the passwords you wish to delete, and then hit OK to return to the previous page.
Disable two-step verification on your Microsoft account
If you no longer find the two-step verification feature useful, you can disable it on your Microsoft account in just a few steps.
- Go to the Microsoft Account website and sign in with your account credentials if you have not already.
- Scroll down and click the Security tile, then select Advanced security options on the following screen.
- Go down to the “Additional security” section and click Turn off under the Two-step verification option.
- When you are asked to confirm disabling two-step verification, click Yes.
Note that, for security purposes, you will still receive security codes on your phone even after disabling two-step verification on your Microsoft account. Plus, you may have to remove the app passwords you used with other apps and devices to revert to using the traditional authentication method.