How to set up two-factor authentication (2FA) on a Microsoft account

Microsoft account two-step verification (Image credit: Mauro Huculak)

Microsoft accounts come with support for two-step verification (also known as "two-factor authentication," "2FA," or "multi-factor authentication") to add a second layer of verification to increase security, making it harder for hackers to gain access to your data and your Windows 11 computer.

In short, if the password were compromised, it'd be virtually impossible to sign in to the account since the malicious individual would need a second form of authentication that only you can provide.

If you want to set up two-step verification, you will have to use the Microsoft Authenticator app. Once the feature has been enabled, it will prompt you to authenticate with your phone to verify your identity.

In this how-to guide, I will walk you through the steps to configure two-step verification on your Microsoft account to prevent unauthorized access to Outlook, OneDrive, Microsoft 365, Xbox Network, and other Microsoft services.

How to enable two-step verification on Microsoft account

Configuring the two-step authentication security feature requires having the Microsoft Authenticator app on your phone and then enabling the option in the Microsoft account.

Set up Microsoft Authenticator app

The first step to add an extra security layer to your account is configuring the Microsoft Authenticator app. These steps are meant to set up the app on an Android device but should be similar for iOS devices. (If you already have the app on your phone, you can skip the steps below and continue with the feature setup instructions.)

To install the Microsoft Authenticator app on Android, use these steps:

  1. Open Google Play Store.
  2. Search for the Microsoft Authenticator app.
  3. Tap the Install button.
  4. Tap the Open button.
  5. Tap the I agree button to continue.
  6. Tap the "Sign in with Microsoft" button.
  7. Confirm your Microsoft account address.
  8. Click the Next button.
  9. Confirm your account password.
  10. Click the Sign in button.
  11. Select the verification method, for example, a secondary email address.
  12. Complete the verification.
  13. Tap the Got it button.
  14. Tap the OK button (if applicable).

Once you complete the steps, a notification will automatically appear on your phone whenever you sign in to your account, so you can approve the sign-in and continue.

Set up two-step authentication

The next step is to set up two-step authentication on your Microsoft account. However, before proceeding, it is critical to have multiple contact methods on the account to avoid getting locked out. If you need to update your security information, use the steps below to continue setting up the feature.

To enable the verification feature, use these steps:

  1. Open Microsoft account (web).
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the "Advanced security options" tile.
  5. Click the Turn on option for two-step verification under the "Additional security" section.
  6. Click the Next button.
  7. (Optional) If you use the Outlook app on your phone, select the platform, and follow the directions to enable the app to sync your emails with an app password.
  8. Click the Next button again.
  9. Click the Finish button.

After you complete the steps, when logging in from an unrecognized device, you will receive an alert on the phone to confirm access to the account.

How to add security info for two-step verification

When you enable two-step verification on a Microsoft account, the request for a second form of authentication will appear every time you sign in. Also, if you forget the password, you must have two contact methods to regain access. As a result, before enabling the feature, you must ensure the account has at least three secondary contacts, which can be a mix of emails or phone numbers.

To add security information to a Microsoft account, use these steps:

  1. Open the Microsoft account on the web.
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the "Advanced security options" option.
  5. Click the "Add a new way to sign in or verify" option under the "Ways to prove who you are" section.
  6. Select the verification option, for example, "Email a code," but you can choose an app, SMS message, Windows Hello, or security key.
  7. Confirm the alternative email address.
  8. Click the Next button.
  9. Check the code in the alternative email account.
  10. Confirm the code on the Microsoft account page.
  11. Click the Next button.

Once you complete the steps, when you access the account, you can complete the security code prompt using one of the contact methods on the account.

How to create an app password for two-step verification

The two-step authentication method is not supported by all platforms and apps, which means that in some cases, you may need to create an app password to access a Microsoft product like Outlook.

To create an app password on a Microsoft account, use these steps:

  1. Open Microsoft account (web).
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the "Advanced security options" option.
  5. Click the "Create a new app password" option under the "App passwords" section.
  6. Use the generated password on the app or device that doesn't support a security code.
  7. Click the Done button.

After you complete the steps, the app will be able to access the Microsoft account while two-step verification is enabled.

Delete app passwords

To delete an app password on a Microsoft account, use these steps:

  1. Open Microsoft account (web).
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the "Advanced security options" option.
  5. Click the "Remove existing app passwords" option under the "App passwords" section.
  6. Click the Remove button.
  7. Click the OK button.

Once you complete the steps, the existing app passwords will be deleted from the account, revoking app access on any device on which you had the account configured.

How to disable two-step verification on Microsoft account

Although not recommended, you can disable 2FA to use the traditional authentication process.

To disable two-step verification, use these steps:

  1. Open Microsoft account (web).
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the "Advanced security options" option.
  5. Click the Turn off option under the "Additional security" section.
  6. Click the Yes button.

After you complete the steps, you will continue to receive security access codes when the system detects a security risk.

If you turn off the security feature, you must also update the services you previously configured with an app password to use the traditional authentication method (password).


Mauro Huculak

Mauro Huculak is a technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.