How to enable two-step verification and protect your Microsoft account on Windows 10

With hackers becoming more sophisticated, your online accounts can easily fall into the wrong hands if your password isn’t quite strong enough. In the case of a Microsoft Account, that can be especially devastating. Most people usually use a Microsoft Account to log into a Windows PC. And, Microsoft Accounts are home to billing information, photos, documents, and a lot more sensitive information.

Microsoft makes it easy to avoid those troubles by protecting your account through two-step verification. This makes it more difficult for someone else to sign into your Microsoft Account by using two forms of identity, both your password and some security information.

When using two-step verification, if someone else manages to get your password, then they won’t be able to get into your account without the secondary security information. You also can add a third layer of security, too. Here’s a look at how you can enable two-step verification on your Microsoft Account.

Prerequisites

To set up two-step verification, you’ll need an email address that’s different from the one on your account, or a phone number, or an authenticator app like Microsoft Authenticator. When you have one of these, each time you sign in on a new device or new location, you’ll get a security code at that number or email. Microsoft recommends using Authenticator, but we’ll get into that later.

Getting started

Once you’re set to go, you’ll need to head to the Security basics page, and sign in with your Microsoft Account. From there, choose Advanced security options, and click the Get Started link. You can then look for Two-step verification under the Additional Security section. After that, choose Set up two-step verification to turn it on. Follow the directions on the screen and enter in either an alternate email address or phone number, and complete the process. You’ll be emailed or texted a code to verify your identity during the initial setup process.

Other notes

If everything goes well with setting up two-step verification, then you’ll want to be aware of a couple of things. Some apps might not be able to use regular security codes on some apps if you sign in with a Microsoft Account, If this is the case, you’ll need an app password for that device. These passwords can be found under the App passwords section on the Additional security page. If you’re not sure about this, you can check Microsoft’s support page here for more information.

We do have an additional note in regards to two-step verification. If you forget your password when you have two-step verification turned on for your account, you can reset your password as long as Microsoft has two ways to contact you. That can be one of the alternate contact email addresses or a phone number that you used when you turned on two-step verification. You might get two reset codes to verify your identity.

Finally, with two-step verification turned on, each time you set up a new PC with your Microsoft Account, you’ll be required to enter in a security code. Again this is to ensure that you are who you say you are and that your account isn’t in the wrong hands.

Using Microsoft Authenticator

We’ll end our piece by mentioning Microsoft Authenticator. With the Microsoft Authenticator app on iOS and Android, you can skip out on the one-time codes and use a dedicated app to approve your logins instead. We talked about how you can set things up here. Your passwords are secure, too. There’s face recognition, or a PIN to log in to your Microsoft account via your phone. And, Authenticator will sync all of your saved passwords stored in Edge, allowing you to see all your passwords.

Windows security

Using two-step verification is just one way to keep yourself safe. On Windows, you should also enable TPM and Secure Boot, so your PC has extra protection against unauthorized access. You also should use Windows Defender, so you can have the latest security signatures protecting your PC against malware and spyware.