What Is 2-Factor Authentication For Microsoft Accounts
In 2-factor authentication or 2-step verification you are provided with a double layer of security which means that after you login to your Microsoft account then you need to provide a code either sent to you on your mobile number,generated by authenticator app or sent to you on your recovery email in the second step.Without entering the code you can’t login into your Microsoft account doesn’t matter if it is outlook,hotmail or windows live etc.Microsoft offers three options to receive verification codes.
- Text Message : You will receive verification codes automatically through text messages on your mobile phone from Microsoft in the second step after you log in and you are asked for codes.For this you need to add and register your mobile number in Microsoft account.You will learn about this later.
- Voice Call : You will be called on your mobile number and you have to listen that code as you will hear a voice of virtual computer assistant.Hear that code carefully and then enter during 2-step verification.
- Recovery Email : If you choose this option then you will receive verification code on your alternative email recovery email.This is a separate email which you register for backup.
- Authenticator APP : This app is available for windows and android and is available in their respective app stores.You need to setup this authenticator app and this will generate verification codes every 30 seconds.This app works in offline mode also and doesn’t require network.It only require network if the code generator clock needs to be synchronized with misrosoft servers.
We are using outlook email service to tell you to enable 2-step verification on Microsoft accounts.However you can use any Microsoft service to enable 2-step verification as Microsoft account settings is same for all services.The 2-step verification will automatically apply to every service associated with that account.These services include hotmail,windows live,skype,bing,outlook,Xbox l ive,skydrive and MSN.The tutorial will teach you to enable 2-step verification by using alternate email,mobile number and authenticator app.Lets start with mobile phone number.
Mobile Phone Number
- Go to outlook.com and login in to your Microsoft account.Now go to account settings by clicking your name on top right and select “account settings”.It will take you to account settings page.
- Now you will see a number of options.Below “Password and security info” click “Edit security info” or simply click “Security info” on left side panel.
- Under “Two-step verification” click “Set up two-step verification”.Click “Next” and then click “Done”.
- You will see a drop down list on the top.From this list select “Phone number”.Select your country and enter your mobile phone number to receive the code.Click “Next”.
- Enter the code you just received on your phone number to verify your phone number and click “Next”.Now your mobile number is setup and you will receive codes during 2-step verification.
- In the “Security info” click “Add” under “Alternate email address”.This email address should not be associated with Microsoft account.Add your another email from gmail or yahoo etc for recovery.
- After you click add,enter your desired email address and click “Next”.You will receive the verification code on your email address.Enter that code and click “Next” and you are done.
- Now you can choose “Email” during 2-step verification if you do not have your phone to receive text messages or calls.This is your backup option never remove alternate email.You can add multiple alternate emails.
- This app is available for windows smart phones and android smart phones.First you have to download and install this app from your respective apps store.In windows phone app store it is available as Microsoft authenticator app.
- Download and install another app called “Scan” which will be used to scan the 2D bar codes which will show up during 2-step verification.This app is available on play store.
- Now under “Authenticator app” click “Set up” then click “Next”.
- Now you will see a drop down list and a 2D barcode.Select “Authenticator app”.Now scan the 2D barcode with the “Scan” app on your phone.You will see a notification for saving the key on your android or windows phone in authenticator app,then click OK.The secret key will be automatically added to the authenticator app and you will see a green clock and a code.Enter the code below the 2D bar code and click “Next”.
- Now 2-step verification is on with authenticator app.Next time when you login just pick a code from this authenticator app and enter in 2-step verification step.
Important Note : Use two different phones for authenticator and mobile number.I mean to say that a smart phone like android or windows phone for authenticator app and a simple mobile phone to receive codes.If you use only the smart phone for both these options then if you lose your smart phone then you will lose your two recovery options for Microsoft account.So use different devices for these two features.
Generate Application Passwords
Now after enabling 2-step verification you won’t be able to login in apps like outlook on your windows phone 8 that doesn’t support 2-step verification method.When you login into them with your correct password they will say “wrong password”.For this you need application password.You can generate application password for every app on windows phone 8 or windows 8 that doesn’t support 2-step verification.
- Go to “Security info” and under “App passwords” click “Create a new password”.The password will be generated and you just have to enter this password in any app and just forget.It will never ask you to enter password again until you change the login password on Microsoft accounts.
- The same application password will not work on every app.You have to generate specific password for specific app.
- To remove all the application passwords click “Remove existing app passwords”.
If you have a trusted device then you can login from it in to your Microsoft account without 2-step verification codes.You can add a trusted device during 2-step verification process.A trusted device is your personal computer,laptop,windows phone or any other smart phone.See the image below.
You can see an option in the above pic stating that “I sign in frequently on this device.Don’t ask me for a code.”.If you check this option then that device will be added to your trusted device list and all Microsoft services like outlook,hotmail,Xbox live etc. will not ask you for codes if you login only from that device.You can just login into Microsoft account with your user name and password only but only on that trusted device.If you login from some where else then you will be asked for codes during 2-step verification.
Important Note : If you add your personal computer,laptop or windows phone to trusted device list then you will not be asked for codes and if you lose every option to receive 2-step verification codes then you can login into your Microsoft account from that trusted device only.Do not check the option “I sign in frequently on this device.Don’t ask me for a code” during 2-step verification if you are using a public computer.You can add multiple trusted devices by checking the option on different devices.
If you feel that you have checked the option on an untrusted device then you can remove it.But it will remove all the trusted devices from the list.So you need to add only trusted devices again for example your personal computer if you want to add a trusted device.
How To Remove A Trusted Device
- In “Security info” under “Trusted devices” click “Remove all the trusted devices associated with my account”.This will remove all devices from the list.
You May Also Read
Get Blog Updates Via Email Subscribe Now
Please check your email for the verification link. Click on the verification link to start your email newsletter subscription.