Hey, you should help your family and friends set up two-step verification (2FA)

Microsoft Authenticator
Microsoft Authenticator (Image credit: Windows Central)

Phishing scams and other types of password theft attacks are on the rise, and it has never been more important to set up two-factor authentication on your accounts (also known as 2FA).

What exactly is 2FA? As the name suggests, it adds a second layer of authentication for accessing your accounts, and the vast majority of big services support it; some even require it. Using an app on your phone, you're given an additional one-use password that expires after 30 seconds. It means that even if your password is lost to an attacker, they'd still need to bypass the 2FA layer to access your account.

No web system is 100% unbreakable, but adding 2FA adds a much-needed layer of additional defense against low-level threats to your account security. It can be a hassle to set up and use, for sure, but having your accounts broken into can cause a much bigger headache. Nobody thinks it will happen to them until it does.

Recently, I had a friend lose his Microsoft Account to password thieves, and another friend's son lose his Discord account in a similar way. Also similarly, neither had 2FA set up on their accounts, which would have protected them against password theft.

Here's a quick crash course on how to set up 2FA with the Microsoft Authenticator app.

Update: We're giving this a bump because it's Cybersecurity Awareness Month! Be sure to get your fam set up on 2FA to prevent data loss, or worse, fraud and theft.

Grab Microsoft Authenticator for Android and iOS

There are other authenticator apps out there, but I find Microsoft's to be among the more robust. With business-grade security cloud investments, Microsoft's Azure platform is among the least likely to be breached overall. Sadly, Microsoft Authenticator is not available on Windows 10 itself, but you can get the password synchronization service within Microsoft Edge.

General tips on setting up 2FA

Microsoft Authenticator works best when paired with a Microsoft Account. If you use Xbox Live or have a Hotmail or Outlook email address, the account you use with those platforms is also a Microsoft Account. If you want to grab one, you can do so for free on the Microsoft website.

Once you sign into Microsoft Authenticator with your Microsoft Account, it will sync and back up any authentication codes you put into the app. If you lose or get a new phone, you'll be able to sign into the authenticator and download backups of your authentication codes from the internet.

Once you're in the app, you can begin adding accounts from various other platforms into the app for safety and security. Practically every major service from Amazon to Zoom, has a 2FA security setup option. Generally, you will find it in your account settings, under security, in the vast majority of services. Setting up an authenticator app is more secure than using SMS-based codes for 2FA, but if you lose your authentication device, recovering your accounts can become tricky. To that end, most providers also give you a series of encryption keys you can print off and store in a secure location physically. These are typically called "backup codes," and are typically found in the same vicinity as 2FA and other security features of your app.

Typically, your Microsoft Authenticator app also uses a pin code to stay secure, or biometrics. If you have a fingerprint scanner, this provides an additional layer of security.

As an example, let's set up a 2FA code sequence using Microsoft Authenticator and Reddit.

  1. Inside the Microsoft Authenticator app, select Add Account.
  2. There will be three options. Personal Account is for your Microsoft Account, you should sign in with this first to set up synchronization if you haven't already. Work and School Account is for business Microsoft 365 users.
  3. For accounts like Reddit, Facebook, Amazon, PayPal, and so on, you'll want to select Other Account.
  4. It will request access to your camera, select Yes to allow your camera to be used. It will ask you to scan a QR code.
  5. In your service's security section, there will be information about 2FA or Two-Factor Authentication somewhere.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Once enabled, it will give you a QR code like the above picture. Scan it using your Microsoft Authenticator app.
  2. It will then start providing you with codes. Use the code to start syncing 2FA codes between your app and the account you're trying to set up, such as Reddit in this example.
  3. The next time you sign in with an unrecognized device, it will ask to take a code from your app.

Ideally, you should set this up on literally every account you have, your central email being the most important one. Retain your backup codes at the very least for your central email account, so you always have something to fall back on. Also check in with your phone provider to make sure your security options are up to date, one scam involves tricking your phone provider into giving an attacker access to your sim card, which would bypass 2FA if you're using SMS.

Jez Corden
Co-Managing Editor

Jez Corden is a Managing Editor at Windows Central, focusing primarily on all things Xbox and gaming. Jez is known for breaking exclusive news and analysis as relates to the Microsoft ecosystem while being powered by tea. Follow on Twitter @JezCorden and listen to his XB2 Podcast, all about, you guessed it, Xbox!