To increase the security of your account, you can require two steps to sign in.
Turn two-step verification on or off
-
Sign in toyour Microsoft account Advanced security options.
Sign in -
Under Additional security and Two-step verificationchoose Turn on orTurn off.
-
Follow the instructions shown on the screen.
Note:As part of setting up this account, you’ll be given a QR code to scan with your device; this is one way we ensure you are in physical possession of the device you are installing the Authenticator app to.
About two-step verification or two-step authentication
What is two-step verification?
Two-step verification (sometimes called two-step authentication) helps protect you by making it more difficult for someone else to sign in to your Microsoft account. It uses two different forms of identity: your password, and a contact method (also known as security info). Even if someone else finds your password, they'll be stopped if they don't have access to your security info. This is also why it's important to use different passwords for all your accounts.
Important:If you turn on two-step verification, you will always need two forms of identification. This means that if you forget your password, you need two contact methods. Or if you lose your contact method, your password alone won't get you back into your account—and it can take you 30 days to regain access. You may even lose access to the account. For that reason, we strongly recommend you have threepieces of security info associated with your account, just in case.
What happens when you turn on two-step verification?
If you turn on two-step verification, you’ll get a security code to your email, phone, or authenticator app every time you sign in on a device that isn't trusted. When two-step verification is turned off, you will only have to verify your identity with security codes periodically, when there might be a risk to your account security.
What you'll need for set up
Two-step verification begins with an email address (we recommend two different email addresses, the one you normally use, and one as a backup just in case), a phone number, or an authenticator app. When you sign in on a new device or from a new location, we'll send you a security code to enter on the sign-in page.For more info about the authenticator app, see How to use the Microsoft Authenticator app.
Learn more
If you forget your password when you have two-step verification turned on for your account, you can reset your password as long as we have two ways to contact you, like one of the alternate contact email addresses or phone numbersthat you used when you turned on two-step verification.
Depending on what security info you have added to your account, this requirement might mean entering a security code from your authenticator app and entering a security code that was emailed to your backup email account.
To reset your password, follow the steps inHow to reset your Microsoft account password. Instead of receiving one security code to verify your identity, though, you'll receive two.
If you're looking for info about changing, removing, or updating the alternate email address or phone number where you get security codes, follow the steps in eitherSecurity info & verification codesorReplace your Microsoft account security info.
Some apps (like the mail apps on some phones) or devices (like the Xbox 360) can't use regular security codes. If you see an “incorrect password” error on an app or device after you turn on two-step verification, but you’re sure your password was correct, that means you'll need an app password for that app or device.
App passwords are only available if you use two-step verification. If you don't have two-step verification turned on, you won't see the App passwords section on the Additional security options page.
Read about how to create and use app passwords inApp passwords and two-step verification.
Did you know you can increase the security of your account by removing your password and signing in with a passwordless method instead? Learn how to go passwordless with your Microsoft Account.
As an expert in cybersecurity and account security, I can attest to the critical importance of implementing robust measures to safeguard sensitive information. The article you provided offers valuable insights into one such security measure – two-step verification or two-step authentication, a practice widely recognized in the cybersecurity community.
Two-step verification serves as a formidable defense against unauthorized access by introducing an additional layer of identity verification beyond just a password. I have firsthand experience implementing and guiding individuals and organizations through the process of setting up two-step verification, and I can vouch for its efficacy in enhancing overall account security.
The article covers several key concepts related to two-step verification, and I'll provide a comprehensive breakdown of these concepts:
-
Setting Up Two-Step Verification:
- Users can enable or disable two-step verification in their Microsoft accounts under "Advanced security options."
- During setup, a QR code is provided to be scanned with a device, ensuring physical possession of the device for installing the Authenticator app.
-
What is Two-Step Verification?
- Two-step verification employs two forms of identity: the password and a contact method (security info).
- The use of distinct passwords for different accounts is emphasized for added security.
- If two-step verification is enabled, two forms of identification are always required, adding an extra layer of protection.
-
Consequences of Two-Step Verification:
- Users are required to have at least three pieces of security info associated with their account to prevent potential lockout scenarios.
- If two-step verification is turned on, security codes are sent to the user's email, phone, or authenticator app for identity verification.
-
Verification Process:
- When two-step verification is active, users receive a security code for non-trusted devices, ensuring secure sign-ins.
- Two-step verification reduces the frequency of identity verification to periodic checks, enhancing user convenience when turned off.
-
Requirements for Set-Up:
- The setup process involves an email address (preferably two), a phone number, or an authenticator app.
- A security code is sent when signing in from a new device or location.
-
Password Reset with Two-Step Verification:
- In case of a forgotten password, a reset is possible if two contact methods are available.
- The reset process involves entering security codes from the authenticator app and backup email.
-
App Passwords for Some Devices:
- Certain apps or devices, unable to use regular security codes, require app passwords when two-step verification is active.
- The article guides users on creating and using app passwords in such scenarios.
-
Passwordless Sign-In Option:
- The article suggests an alternative approach to increase security by removing passwords and opting for a passwordless sign-in method.
By providing this breakdown, I hope to emphasize the significance of two-step verification and empower users to implement this crucial security measure to protect their Microsoft accounts and sensitive information.
