A couple of weeks ago, I showed you how to set up two-factor authentication (2FA) for Office 365 users. In today’s Ask the Admin, I’ll show you how to do the same thing but for consumer Microsoft Accounts.
Passwords are easily stolen or guessed, so it’s important not to rely on them alone. Multifactor authentication adds one or more factors, in addition to your password, to make it harder to use guessed or stolen credentials. A second factor might be something you have, such as a smartphone or token, along with something you know, like a password.
Enabling 2FA for a Microsoft Account is relatively simple, and a smartphone application, email address, or phone number can be used as the second factor. If you are exclusively using Windows and Microsoft apps, you’ll find that enabling 2FA doesn’t cause any application compatibility issues. If you are using apps with your Microsoft Account on other platforms, you might be required to enter app passwords where 2FA isn’t directly supported.
For more information on how to enable 2FA in Office 365, see Enable Multi-Factor Authentication for Office 365 Users on the Petri IT Knowledgebase.
Before starting, it’s worth considering Microsoft’s advice about keeping three pieces of security information on your account. That means your contact details should be up to date: if 2FA is enabled and you forget your password, you will need two contact methods.
In the instructions that follow, I’ll set up 2FA for my Microsoft Account using the Microsoft Authenticator app installed on a Windows 10 Mobile device. The Microsoft Authenticator app provides the most convenient and secure means of using 2FA. You can download the app here for Windows 10 Mobile. For iOS or Android devices, you can find Microsoft Authenticator in the Apple App Store or Google Play Store, respectively. The instructions for iOS and Android devices will vary slightly from what follows.
If you need to add a phone number or alternate email address, click Add security info and fill out the required information. You’ll need to verify the number or address you provide.
If you’re not using Windows Phone, you’ll be prompted to scan a barcode on the Set up the Microsoft Authenticator app screen.
2FA is now enabled for your Microsoft Account. On trusted devices, you won’t be required to provide a second factor when logging in. On all other devices, you will need to use the second factor when signing in.