Microsoft account two-step verificationSource: Windows Central

On a Microsoft account, two-step verification (also known as "two-factor authentication," "2FA," or "multi-factor authentication") is a feature that adds a second step of verification to increase security to make it more difficult for malicious individuals to gain access to your account.

If someone gets ahold of your password, without the second form of authentication, it'll be almost impossible to access your account.

If you're using a Microsoft account, you can use three ways to enable two-step verification, including using an alternative email, phone number, and you can even use the Microsoft Authenticator app. Once the security feature is enabled, every time you sign in from a new location or new device with a password, you'll need to confirm a security code to validate that you're, who you say you are.

Cyber Monday may be over but these Cyber Week deals are still alive

In this Windows 10 guide, we'll walk you through the steps to set up two-step verification on your Microsoft account to add an extra layer of security to prevent unauthorized access to Outlook, OneDrive, Office 365, Xbox Live, and other services.

How to enable two-step verification on Microsoft account

To enable two-step verification on your Microsoft account, use these steps:

Important: Before proceeding, it's crucial to have multiple pieces of contact security information to prevent getting locked out of your account. If you need to update your security information, use the steps below and then continue setting up the feature.

  1. Open your Microsoft account online.
  2. Sign-in with your credentials.
  3. Click the Security tab.
  4. Click the Two-step verification option on the top of the page (or click the More security options button on the page).

    Microsoft Account Security PageSource: Windows Central

  5. Under the "Two-step verification" section, click the Set up two-step verification link.

    Microsoft account two-step verificationSource: Windows Central

  6. Click the Next button.

    Set up two-step verification stepSource: Windows Central

  7. Click the Print code option.

    Microsoft account recovery codeSource: Windows Central

    Quick tip: It's important to save this recovery code in a secure location. Otherwise, if you're no able to complete the security challenge, if you don't have this code, you won't be able to reaccess the account for a least 30 days.

  8. Select the Save as PDF option.

    Microsoft account print recovery codeSource: Windows Central

  9. Click the Save button.
  10. Select the folder location.
  11. Specify a descriptive name for the file.
  12. Click the Save button.
  13. Click the Next button.
  14. (Optional) If you sync your Outlook.com app with an Android, iPhone, or BlackBerry phone, click on the page to display the steps to set up the device with an app password.

    Set up smart phone with app passwordSource: Windows Central

  15. Click the Next button again.
  16. Click the Finish button.

    Microsoft account complete two-step verificationSource: Windows Central

  17. Specify your password.
  18. Click the Sign in button (if applicable).

Once you complete the steps when trying to log in on an unrecognized device, you'll receive a security code in your email account or phone to confirm that you're the one trying to sign-in adding an extra layer of security.

How to add security info for two-step verification

When enabling two-step verification, every time you sign-in, you'll be prompted a second form of authentication. Also, if you forget your password, you'll need two contact methods to regain access to your account. This means that before enabling two-step verification, you have to make sure that you have a least three secondary contact information, which can be a mix of emails or phone numbers.

To add security information to your Microsoft account, use these steps:

  1. Open your Microsoft account online.
  2. Sign-in with your credentials.
  3. Click the Security tab.
  4. Click the Update my info button.

    Microsoft Account Update Security Info OptionSource: Windows Central

  5. Click the Add security info link.

    Microsoft account add security infoSource: Windows Central

  6. Use the "Verify my identity with" drop-down menu, select the An alternative email address option, for example. (Or you can also add a phone number.)

    Microsoft account add email to security infoSource: Windows Central

  7. Click the Next button.
  8. Confirm the code you received in the alternate email.

    Microsoft account confirm security codeSource: Windows Central

  9. Click the Next button.

After you complete the steps, every time you try to sign in, when two-step verification is enabled, you can complete the security code using the contact methods you added on the account.

How to set up Authenticator app for two-step verification

In the case that you don't want to deal with emails, phone calls, or text, you can use the Microsoft Authenticator app to sign in without the need to use a password.

The Authenticator app is available for Android and iOS. In the steps below, we'll show you the instructions to set up the app on an Android device, but the process is similar for iOS devices.

To set up the Authenticator app, use these steps:

  1. Open Google Play Store.
  2. Search for Microsoft Authenticator app.
  3. Tap the Install button.
  4. Open the app.
  5. Tap the Add personal account button.

    Microsoft Authenticator app setupSource: Windows Central

  6. Sign in with your Microsoft account details.
  7. Click the Next button.
  8. Click the Got it button.

After you complete the steps, when signing in to your account, you'll receive a notification on your phone to approve and continue the login automatically.

How to create an app password for two-step verification

If you're using a device or an app that doesn't support two-step verification, then you'll need to create an app password.

To create an app password, use these steps:

  1. Open your Microsoft account online.
  2. Sign-in with your credentials.
  3. Click the Security tab.
  4. Click the More security options button on the page.

    Microsoft Account Security PageSource: Windows Central

  5. Under the "App passwords" section, click the Create a new app password link.

    Microsoft account create app password optionSource: Windows Central

  6. Use the generated password on the app or device that doesn't support a security code.

    Microsoft account app passwordSource: Windows Central

Once you complete the steps, the app or device should be able to access your account while two-step verification is enabled.

How to disable two-step verification on Microsoft account

In the case that you no longer need to use the security feature, you can disable it to revert the settings to use the less secure one-step verification.

To disable two-step verification, use these steps:

  1. Open your Microsoft account online.
  2. Sign-in with your credentials.
  3. Click the Security tab.
  4. Click the More security options button on the page.

    Microsoft Account Security PageSource: Windows Central

  5. Under the Two-step verification section, click the Turn off two-step verification link.

    Microsoft account disable two-step verification optionSource: Windows Central

  6. Click the Remove option.

    Microsoft account remove two-step verification buttonSource: Windows Central

After you complete the steps, you'll continue to receive security codes from time to time, and when Microsoft detects a security risk on your account.

In addition to disabling the feature, you may also need to update the password on those apps and services you configured with an app password.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

We may earn a commission for purchases using our links. Learn more.