How to make your Microsoft account more secure with two-step verification and keep hackers at bay

About a week ago Microsoft made your account more secure. If you use any Microsoft service or product you own a Microsoft Account. You use that account to sign in to your Windows Phone to download apps and track the phone if you ever lose it. On Xbox it’s associated with your Gamertag and allows you to carry your profile from Xbox to Xbox and keep your Gamerscore and Achievements synced. On Windows 8 it allows your settings and wallpapers to sync across your laptop, desktop, and tablets.

If you’re in any way, shape, or form using a Microsoft product, you need to enable two-step verification to keep your account secure. Here’s how to set it up.

Why two-step verification?

The first thing you’re probably asking yourself is why do I need two-step verification? Short answer? You have one account that connects you to a variety of services and products; it’s too important not to do everything you can to protect that account.

Right now you have your email address and password keeping your digital world safe. Two-step verification works by adding another step in the mix to gain access to your account when you log in. In addition to your password you’ll be using a code. That code is generated in a variety of ways: through email, an SMS message, a phone call, or an authenticator application. It’s an extra layer of protection and totally worth it if you value what your Microsoft account has access to.

Let’s set up two-step verification for your Microsoft Account

Part 1

  1. Head on over to to get started. Under ‘Overview’ on the left side, click on ‘Security info’.
  2. Make sure you’ve added your cell phone number under ‘Phone number’. If you haven’t, add it and follow the prompts.
  3. Under ‘Two-step verification’ click on ‘Set up’. Next we’ll be following the on-screen prompts to set it up. Have your Windows Phone nearby to receive your verification code.
  4. Enter the code that was just sent to you.
  5. That’s it. You’ve turned on two-step verification.

Authenticator app

Now that you’ve turned on two-step verification your account is secure. Every time you try to log into a service that uses your Microsoft Account, like accessing your SkyDrive through the browser, you’ll need to enter a code in addition to your password. Usually you’ll have your smartphone with you and can opt to receive that code via text. But what if you’re on a plane or subway with no cell service? Download an authenticator app, like this one for Windows Phone, to generate those codes.

QR: Authenticator App

Under ‘Security info’ you’ll see a section called ‘Authenticator app’. Here’s where we’ll pair the authenticator app you just downloaded with your Microsoft account. The screenshot below shows you what you’ll see when pairing the app. In my personal experience I had to hold the phone a little further from the computer screen with this app compared to others. Once you’ve scanned you’ll be given a code that you’ll enter to pair. Those codes will show up on your screen for a short time, so don’t waste time in entering them. If you miss it, just wait for another code to generate on the screen.

Part 2

The really cool thing about the Authenticator app from Microsoft is that you can use it with other services that allow two-step verification. Some reviewers in the Store note that the app works with Dropbox, Facebook, and Google, although for the last two you’ll need to directly enter a code to pair as opposed to using a QR code.

App passwords

Some services and products that require a Microsoft account may not support two-step verification just yet. For example, your Xbox 360 and Windows Phone. So what do you do? Generate an app password for the devices.

When you launch your Xbox 360 and want to download your profile or don’t have the password saved to the device, you’ll need to make sure you have your laptop nearby. Again, log in to and go to ‘Security info’ and scroll down to ‘App passwords’. Click ‘Create a new app password’. You’ll then be given a bunch of random letters that you enter into your Xbox in place of your regular Microsoft account password (even though the Xbox dashboard is asking for your ‘Microsoft account password’).

App Password Generation

App passwords will work when the device or service doesn’t support two-step verification. What about your Windows Phone? I reset my Lumia 620 to see what would happen with it after enabling two-step verification for my Microsoft account. Guess what? My normal Microsoft account password wouldn’t work. After creating an app password as detailed above I was able to put my Microsoft account onto the newly reset Lumia 620. My daily driver, the Lumia 920, hasn’t had account syncing problems the past few weeks, but I had a buddy enable two-step for his account. Sure enough, on his HTC 8X he had to update his Microsoft account password to one generated by the ‘app password’.


First off, don’t be lazy; go up and read this. But if you’re short on time…

  • Enable two-step verification for your Microsoft account for increased security
  • Two-step verification works by requiring a code to be entered in addition to your password
  • Codes are generated by either text, call, email, or an authentication app
  • Some devices, like your Windows Phone or Xbox, don’t support it yet. You’ll need an app password in place of your regular password for your Microsoft account
  • Generate app passwords on

This is a lot to take in, but overall things should go smoothly. If you do run into any problems, sound off below with questions and the Windows Phone community (you and other commenters) will do their best to help you out.

Sam Sabri