Microsoft account two-step verificationSource: Windows Central

On a Microsoft account, two-step verification (also known as "two-factor authentication," "2FA," or "multi-factor authentication") is a feature that adds a second type of verification to increase security to make it harder for malicious individuals to gain access to your account.

In the case that someone was able to figure out your password, without the second form of authentication, it will be virtually impossible to access the account.

If you use a Microsoft account, you can use the Microsoft Authenticator app to set up two-step verification. Once the feature is enabled, you will need to confirm a security code using your phone to validate that you're who you say you are every time you sign in.

VPN Deals: Lifetime license for $16, monthly plans at $1 & more

In this Windows 10 guide, we will walk you through the steps to set up two-step verification on your Microsoft account to add an extra layer of security to prevent unauthorized access to Outlook, OneDrive, Microsoft 365, Xbox Network, and other services.

How to enable two-step verification on Microsoft account

The two-step authentication with a Microsoft account is a two-step process. First, you need to configure the Microsoft Authenticator app on your phone, and then, you need to enable the feature inside the account.

Set up Microsoft Authenticator app

If you want to add an extra layer of security with two-factor authentication, you will first need to set up the Microsoft Authenticator app on your Android or iOS devices. In the steps below, we will outline the instructions to set up the app on an Android device, but the process is similar for iOS devices.

To set up the Microsoft Authenticator app, use these steps:

  1. Open Google Play Store.
  2. Search for Microsoft Authenticator app.
  3. Tap the Install button.
  4. Open the app.
  5. Tap the Add personal account button.

    Microsoft Authenticator app setupSource: Windows Central

  6. Sign in with your Microsoft account details.
  7. Click the Next button.
  8. Click the Got it button.

Once you complete the steps, you will receive a notification on your phone to approve and continue the login automatically when signing into your account.

Set up two-step authentication

The last step is to turn on the two-step verification feature on the Microsoft account.

Before proceeding, it is essential to have multiple contact information to prevent getting locked out of the account. If you need to update your security information use the steps below and then continue setting up the feature.

To enable a more secure verification feature in your account, use these steps:

  1. Open the Microsoft account on the web.
  2. Sign in with your credentials.
  3. Click the Security tab.
  4. Click the Two-step verification option on the top-right of the page. Or click the Advanced security options tile on the page.

    Microsoft account two-step verification optionSource: Windows Central

  5. Under the "Additional security" section, click the Turn on option for two-step verification.

    Enable two-step verificationSource: Windows Central

  6. Click the Next button.

    2FA setup on Microsoft accountSource: Windows Central

  7. (Optional) If you also use the Outlook app on your phone, select the platform, and follow the directions to enable the app to sync your emails with an app password.
  8. Click the Next button again.

    Microsoft account smart phone app passwordSource: Windows Central

  9. Click the Finish button.

    Two-factor authentication app password recommendationsSource: Windows Central

After you complete the steps, when trying to log in on an unrecognized device, you will receive an alert on your phone to confirm you are the one trying to sign in.

How to add security info for two-step verification

When enabling two-step verification, you will be prompted a second form of authentication every time you sign in. Also, if you forget your password, you will have two contact methods to regain access to your account. As a result, before enabling the feature, you have to make sure you have a least three secondary contact information, which can be a mix of emails or phone numbers.

To add security information to your Microsoft account, use these steps:

  1. Open the Microsoft account on the web.
  2. Sign in with your credentials.
  3. Click the Security tab.
  4. Click the Advanced security options tile.

    Advanced Security OptionsSource: Windows Central

  5. Under the "Ways to prove who you are" section, click the Add a new way to sign in or verify option.

    Add a new way to sign in or verifySource: Windows Central

  6. Select the verification option — for example, Email code, but you can choose an app, phone text, Windows Hello, or security key.

    Microsoft account recovery optionsSource: Windows Central

  7. Confirm the alternative email address.

    Add alternative email address to Microsoft accountSource: Windows Central

  8. Click the Next button.
  9. Check the code in the alternative email account.
  10. Confirm the code on the Microsoft account page.

    Microsoft account code verificationSource: Windows Central

  11. Click the Next button.

Once you complete the steps, when you try to access the account, you can complete the security code using the contact methods you added on the account if two-step verification is enabled.

How to create an app password for two-step verification

If you use a device or app that does not support two-step verification, you will need to create an app password.

To create an app password on a Microsoft account, use these steps:

  1. Open the Microsoft account on the web.
  2. Sign in with your credentials.
  3. Click the Security tab.
  4. Click the Advanced security options tile.

    Advanced Security OptionsSource: Windows Central

  5. Under the "App passwords" section, click the Create a new app password option.

    Create a new app password optionSource: Windows Central

  6. Use the generated password on the app or device that doesn't support a security code.

    Use this app password to sign inSource: Windows Central

  7. Click the Done button.

After you complete the steps, the app or device should be able to access your account while two-step verification is enabled.

Delete app passwords

If you no longer need the app passwords, you can delete them with these steps:

  1. Open the Microsoft account on the web.
  2. Sign in with your credentials.
  3. Click the Security tab.
  4. Click the Advanced security options tile.

    Advanced Security OptionsSource: Windows Central

  5. Under the "App passwords" section, click the Remove existing app passwords option.

    Microsoft Account remove existing app paswordsSource: Windows Central

  6. Click the Remove button.
  7. Click the OK button.

Once you complete the steps, the existing app passwords will be deleted from the account revoking apps access to the account.

How to disable two-step verification on Microsoft account

In the case that you no longer need to use the security feature, you can disable it to revert the settings to use the less secure one-step verification.

To disable two-step verification, use these steps:

  1. Open the Microsoft account on the web.
  2. Sign in with your credentials.
  3. Click the Security tab.
  4. Click the Advanced security options tile.

    Advanced Security OptionsSource: Windows Central

  5. Under the "Additional security" section, click the Turn off option.

    Microsoft account two-step verification disable optionSource: Windows Central

  6. Click the Yes button.

    2FA disable confirmation optionSource: Windows Central

After you complete the steps, you will continue to receive security codes from time to time and when the account detects a security risk.

In addition to disabling the feature, you may also need to update the apps and services you configured with an app password to use a traditional authentication with a password.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

We may earn a commission for purchases using our links. Learn more.