How to configure two-factor authentication on your Microsoft account (step-by-step)


It’s here folks, better late than never, Microsoft is slowing rolling out two-factor authentication to further secure the Microsoft account — the one passport to access Xbox Live,, SkyDrive, Skype, Office, to unlock your Windows 8 PCs, and practically everything else.

It is not a requirement, but you should enable it, because it will enhance the security of your Microsoft account and it becomes harder for untrusted individuals from stealing your password and gaining access to your information.

For those unfamiliar, this is a widely standard method by now, which in this case, Microsoft will ask you to provide two forms of identification to access your account: your password, plus a code that can be generated by an app or send to your phone or email — very similar to what Google and Apple already offer for their accounts.

Microsoft has also made available a Windows Phone app called Authenticator to generate the second verification code, however you can also use the Google Authenticator app for Android or iOS.

Although the 2-step verification brings a welcome security feature, it will not work with linked accounts. This means that you’re required to unlink the account before using the new verification feature.


Head over to, in the Security info page, click Set up two-step verification and click Next. You’ll be given the choice to select how you want to enable this new security feature, either by using the authenticator app, using your phone or an alternate email address to receive the security code.


Quick Tip: Microsoft’s new two-factor authentication is standard, as such you can also use the Google Authenticator app for Android or iOS to generate a code.

If you choose to use the Authenticator app, just run the app, scan the barcode with the built-in camera in your phone, enter the code, and click Pair. Once your account and your phone are paired, you’ll need to enter your password and a new security code that is generated in your phone app every 30 seconds to sign-in.


In case you want to use your phone instead, select the option from the drop-down menu. Then enter your phone number and choose how you want to receive the code, by text or call.


Quick Tip: If you don’t want to enter your phone number, but you have a Google Voice number, you can use it too. However you’ll need to make sure to choose the Call option, because you may not receive the code by text message.

Alternatively, the easiest (but more time consuming) way would be using a different email address.


In case you’re already confused, you don’t need to choose two of these options. The two-factor authentication means that you’ll need to enter your account password, in addition to one of these options. That is, of course, if you don’t choose the option “I sign in frequently on this device. Don’t ask me for a code.”, in which case you won’t be required to enter a second form of verification.

Dealing with unsupported devices and apps

Thus far, everything works great, but there is a little problem, some apps like the mail app in some smartphones or other devices such as the Xbox 360, do not support a secondary security code to sign in to the account. To solve this issue, you’ll need to create a unique app password — you have to configure this once.


If this is the case, use the link mentioned above to access the Security info page, scroll down, under the App passwords section, click the Create a new app password. Write down or copy and paste the generated password to the app or device you’re intending to access to finish.

Although it may seem like a tedious process, it is actually something pretty simple to do, you basically have to supply a second method to verify you are the owner of your account every time you sign-in to your Microsoft account.

Image Source Flickr by  Alexandre Dulaunoy