Enable Two-Factor Authentication with Microsoft Accounts and Outlook.com

In the wake of all the email security breaches we’ve had over the last few years, it’s time to enable two-factor authentication on any account that’s important to you. Thanks to various leaks, many crackers now rely on hacked email addresses in combination with passwords to gain access to user accounts.

Luckily, Microsoft makes available two-factor authentication on all Microsoft accounts — these are the accounts used to access Outlook.com, Skype, your Windows Phone services, and more. In this article, I’ll take a look at how to enable two-factor authentication on your Microsoft account.

What is two-factor authentication?

Two-factor authentication involves two factors: the first is something you have and the second is something you know. To log in to an account or service that has two-factor authentication enabled, you are generally prompted to enter your username and password, after which the service texts a one-time code to your mobile phone that you enter in the next step of the login process. Enabling this protection increases the security of your account and password because any nefarious characters would also need access to your mobile device, which is generally something that’s always in your possession.

Enabling two-factor authentication on Microsoft accounts

It is fairly easy to get set up. Sign in to your Microsoft account and click the Security & privacy link located at the top of the page. You’ll be directed to the Security settings page, where you’ll find a two-step authentication option below.

Microsoft account security settings. (Image Credit: Blair Greenwood)

Under the two-step authentication option, click Set up two-step verification. 

Two-step authentication in Microsoft accounts. (Image Credit: Blair Greenwood)

Next, you’ll be directed to a screen that explains more about the process of setting up two-step verification through Microsoft. Click Next to proceed.

Set up two-factor authentication in Microsoft accounts. (Image Credit: Blair Greenwood)

Next, Microsoft will prompt you to select the platform your smartphone operates on. If you’re not interested in the authenticator app or you don’t own a smartphone, you can click Set it up later. You may want to consider using the authenticator app as opposed to voice calls or SMS text messages because the app works much like an RSA SecurID token: it presents a one-time password code that the service will accept. As a result, the app doesn’t need a network connection to get a code sent by the service, because the algorithm matches up the codes in a preconfigured way.

Set up an identity verification app. (Image Credit: Blair Greenwood)

The service generally uses the Google Authenticator app, which you can pair with your Microsoft account by scanning a QR code.

Next, you can choose how to verify your identity outside of the authenticator app. You can have voice calls or text messages sent to the number already included in your profile. You need to verify your identity once through the service, and after you do that and enter the code properly, you will receive a recovery code, which looks a lot like a regular product license key. Save this in a safe place so that you can use it to restore access to your account if you ever get locked out for some reason.

Two-step verification turned on for Microsoft accounts. (Image Credit: Blair Greenwood)

Next, the wizard will prompt you to set up an app password for your Android, iPhone, or BlackBerry smartphone. If it senses that you have synced a Windows Phone 7 or 8 device to your Microsoft account, it will give you directions on replacing your current password with the newly generated app password. You can come back to this section later if you need to look at it again, which you probably will, because your Xbox, Outlook desktop application, Office, Windows Essentials, and (heaven help you if you use this) the Zune desktop app will all need new app passwords. Click Next to finish the process.

Generating App Passwords

To get new app passwords for programs that do not support the use of one-time codes, navigate to the App Passwords option, located in the Security & privacy tab, which is the same tab that we used to find the two-step verification option. Click Create a new app password, and the service will automatically generate a password for you. Write this down, and follow the instructions to use it in the app. If you’ve already set up app passwords, you can also click the Remove existing passwords option.

Update Your Security Best Practices Now

Using passwords as your sole security measure is so 2004. Enable two-step verification on your Microsoft accounts today so that you can be worry-free when the next massive security leak hits.