Hey, you should help your family and friends set up two-step verification (2FA)

(Image: Microsoft Authenticator. Image credit: Windows Central)

Phishing scams and other types of password theft attacks are on the rise, and it has never been more important to set up two-factor authentication on your accounts (also known as 2FA).

What exactly is 2FA? As the name suggests, it adds a second layer of authentication for accessing your accounts, and the vast majority of big services support it; some even require it. Using an app on your phone, you're given an additional one-use password that expires after 30 seconds. It means that even if your password is lost to an attacker, they'd still need to bypass the 2FA layer to access your account.

No web system is 100% unbreakable, but adding 2FA adds a much-needed layer of additional defense against low-level threats to your account security. It can be a hassle to set up and use, for sure, but having your accounts broken into can cause a much bigger headache. Nobody thinks it will happen to them until it does.

Recently, I had a friend lose his Microsoft Account to password thieves, and another friend's son lose his Discord account in a similar way. Similarly, neither had 2FA set up on their accounts, which would have protected them against password theft.

Here's a quick crash course on how to set up 2FA with the Microsoft Authenticator app.

Update: We're giving this a bump because it's Cybersecurity Awareness Month! Be sure to get your fam set up on 2FA to prevent data loss, or worse, fraud and theft.

Grab Microsoft Authenticator for Android and iOS

There are other authenticator apps out there, but I find Microsoft's to be among the more robust. With business-grade security cloud investments, Microsoft's Azure platform is among the least likely to be breached overall. Sadly, Microsoft Authenticator is not available on Windows 10 itself, but you can get the password synchronization service within Microsoft Edge.

General tips on setting up 2FA

Microsoft Authenticator works best when paired with a Microsoft Account. If you use Xbox Live or have a Hotmail or Outlook email address, the account you use with those platforms is also a Microsoft Account. If you want to grab one, you can do so for free on the Microsoft website.

Once you sign into Microsoft Authenticator with your Microsoft Account, it will sync and back up any authentication codes you put into the app. If you lose or get a new phone, you'll be able to sign into the authenticator and download backups of your authentication codes from the internet.

Once you're in the app, you can begin adding accounts from various other platforms into the app for safety and security. Practically every major service, from Amazon to Zoom, has a 2FA setup option. In the vast majority of services you will find it in your account settings, under security. Setting up an authenticator app is more secure than using SMS-based codes for 2FA, but if you lose your authentication device, recovering your accounts can become tricky. To that end, most providers also give you a set of single-use recovery codes you can print off and store physically in a secure location. These are typically called "backup codes," and are usually found in the same vicinity as 2FA and the other security features of your account.

Typically, your Microsoft Authenticator app also uses a PIN code or biometrics to stay secure. If you have a fingerprint scanner, this provides an additional layer of security.

As an example, let's set up 2FA codes using Microsoft Authenticator and Reddit.

  1. Inside the Microsoft Authenticator app, select Add Account.
  2. There will be three options. Personal Account is for your Microsoft Account; sign in with this first to set up synchronization if you haven't already. Work and School Account is for business Microsoft 365 users.
  3. For accounts like Reddit, Facebook, Amazon, PayPal, and so on, you'll want to select Other Account.
  4. It will request access to your camera; select Yes to allow your camera to be used. It will then ask you to scan a QR code.
  5. In your service's security section, there will be information about 2FA or Two-Factor Authentication somewhere.

(Image: the service's 2FA QR code screen. Image credit: Windows Central)
  6. Once enabled, it will give you a QR code like the one pictured above. Scan it using your Microsoft Authenticator app.
  7. It will then start providing you with codes. Enter the current code into the service to confirm the pairing between your app and the account you're setting up, such as Reddit in this example.
  8. The next time you sign in from an unrecognized device, it will ask for a code from your app.

Ideally, you should set this up on literally every account you have, your central email being the most important one. Retain your backup codes at the very least for your central email account, so you always have something to fall back on. Also check in with your phone provider to make sure your security options are up to date: one scam involves tricking your phone provider into giving an attacker control of your SIM card, which would bypass 2FA if you're using SMS codes.

Jez Corden
Managing Editor

Jez Corden is the Managing Editor for Windows Central, focusing primarily on all things Xbox and gaming. Jez is known for breaking exclusive news and analysis as it relates to the Microsoft ecosystem while being powered by caffeine. Follow on Twitter @JezCorden and listen to his Xbox Two podcast, all about, you guessed it, Xbox!

  • I've been using Microsoft Authenticator since W10M. I was lucky to have one linked to my Hotmail account. In 2017 my Hotmail was hacked by a PC with an IP address in Nigeria. The attacker changed my phone number in the Hotmail settings, hence I could not reset my password via OTA authentication.
    Then I managed to reset my Hotmail password using a token provided by Authenticator. I recovered my account and reported the case to Microsoft. Now I have Authenticator installed on my Android to continue backing up my Hotmail account.
  • I couldn't get away from the Authenticator App fast enough, what a hot mess that was! It still haunts me!
  • Is there a way to use 2FA without relying on a phone? I have it set up on a couple of accounts but I virtually never have my phone with me when I’m at the computer so I always have to walk across the house to get it. Can I link accounts to a 2FA that I can approve directly from my PC?
  • Many accounts will let you use email, but that can get sketchy too, as many people (let's face it) reuse passwords. It's best to have your phone number itself as a backup plan. My only real issue with the authenticator (and others like it) is that you have to be careful in case your phone gets erased. I was able to recover my account in that situation, but I imagine many would be lost in those circumstances.
  • I don't own one but wouldn't 2FA key (such as Yubico) solve your problem?
  • Yes, I use Authy for this reason. It's way better IMO and has a desktop version, and it can also allow you to do backups of your 2FA accounts if you wish, in case you lose/change your phone.
  • I use Authy on Android
  • I use Microsoft Authenticator. It's fine. Plus Authenticator has added password manager functionality.
  • I was quite happy with SMS 2FA until I was locked out of my Amazon account as their SMS service suddenly stopped working internationally, and the drama I had to go through to get it removed. Now I use Authy where possible. Gets rid of SMS and the account can be used on more than one device.
  • I use MS authenticator and it's been great...
  • I would just appreciate it if companies who require 2FA, provide some varied methods of authentication. Where I work, along with 1000 others, we can't have our cell phones, can't install other apps on our PCs and can't access personal e-mail. Kind of limits the usual options, authenticator, e-mail, SMS... This made a couple of things I have completely useless to me. My home security can be accessed via web, but since the company has mandated 2FA, I can no longer access the system. Can't get the code.