Microsoft Account Two-step Verification - Turn On or Off

How to Turn On or Off Two-step Verification for your Microsoft Account

information   Information
"Microsoft account" is the new name for what used to be called a "Windows Live ID." Your Microsoft account is the combination of an email address and a password that you use to sign in to Windows 8 or services like Hotmail, Messenger/Skype, SkyDrive, Windows Phone, Xbox LIVE, Zune, Office Live, and Outlook.com. If you use an email address and password to sign in to these or other services, you already have a Microsoft account—but you can also sign up for a new one at any time.


Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account:
  • Your Microsoft account password
  • An extra security code
Two-step verification helps protect your account by making it more difficult for a hacker to sign in, even if they've somehow learned your password. If you turn on two-step verification, you'll see an extra page every time you sign in on a device that isn't trusted. The extra page prompts you to enter a security code to sign in. We can send a new security code to your phone or your alternate email address, or you can obtain one through an authenticator app on your smartphone.

For more information, see:

This tutorial is a full guide to show you how to either turn on or turn off two-step verification for your Microsoft account.

Note   Note
Some apps (like the mail apps on some smartphones) or devices (like the Xbox 360, for example) can't prompt you to enter a security code when you try to sign in. If you get an incorrect password error with an app or device, you'll need to create a unique app password to sign in. Once you've signed in with your app password, you're all set to use that app or device.

You will need to create and sign in with a different app password for each app or device that can't prompt you for a security code.

For how, see:

Create or Remove App Passwords in your Microsoft Account when Two-Step Verification is Turned On






OPTION ONE

To Turn On "Two-step Verification" for your Microsoft Account


1. If not already, sign in to your Microsoft account that you want to turn on two-step verification for. (see screenshot below)​
sign-in_microsoft_account.jpg
2. If this PC or device is not a trusted device, then you will be prompted to enter and submit a security code sent to your phone or alternate email address. (see screenshots below)​
add_trusted_pc.jpg
email-code-2.jpg
3. You will first need to unlink all Microsoft accounts that are currently linked to the Microsoft account that you want to turn on two-step verification for.​
Note   Note
If you do not unlink the accounts, then you will get a "Can't turn on two-step verification message" below when you try to turn on two-step verification instead.

Note   Note

cant_turn_on_two-step_verification.jpg

5. Under the Two-step verification section, click/tap on Set up two-step verification. (see screenshot below)​
set-up_two-step_verification-1.jpg
6. Click/tap on Next. (see screenshot below)​
Microsoft_account_two-step_verification-2.jpg
7. Do step 8, 9, or 10 below for how you would like to receive you first or second verification code.​
Note   Note
If you had turned off two-step verification (Option Two below) and are just turning it back on, then you will see step 12 below instead if you still have the security info filled out for at least two of the phone number, alternate email address, or authenticator app options.

Note   Note

8. To Use your Alternate Email Address to Receive Code
A) Select Alternate email address, type in an email address, and click/tap on Next. (see screenshot below)​
Microsoft_account_two-step_verification-3c.jpg
B) Check the inbox of this email address for a message from the Microsoft account team, enter the code, and click/tap on Next. (see screenshots below)​
email-code-1.jpg
email-code-2.jpg
C) Go to step 11 below.​
9. To Use a Phone Number to Receive Code
A) Select Phone number, select your location, enter your phone number, select to get the code with a text message or automated call, and click/tap on Next. (see screenshot below)​
Microsoft_account_two-step_verification-3b.jpg
B) Enter the code from the text or call, click/tap on Next, and go to step 11 below. (see screenshot below)​
Phone-code-1.jpg
10. To Use Authenticator App on Smart Phone or Device to Receive Code
NOTE: Clicking/tapping on Skip (see screenshot below step 10E) will skip this and move on to an alternative option to receive a code from instead.​
A) Select Authenticator app, and do step 10B or 10C below depending on what type of phone or device you have. (see screenshot below)​
B) If you have a Windows 8 Phone, then while on the phone get and install the Microsoft's authenticator app, and go to step 10D.​
download-windows-phone.png
turn-off-authenticator-qr.png
C) If you have an iOS, Android, or BlackBerry device/phone, then while on the phone or device, search your app store for an "authenticator app", install it on the device/phone, and go to step 10D.​
Tip   Tip
Here are some good free authenticator apps:
Tip   Tip

Android - Google Authenticator with Barcode Scanner installed.​
D) Open the authenticator app, and scan the bar code in the left screenshot below step 10E.​
E) The authenticator app will now generate a code. Enter this code, click/tap on Next, and go to step 11 below.​
Microsoft_account_two-step_verification-3a.jpg
Microsoft_authenticator.jpg
11. Do step 12 or 13 below depending on if you use a Windows Phone 8 or not.​
12. If you use a Windows Phone 8, then update it with your new app password, and click/tap on Next. (see screenshot below.​
Microsoft_account_two-step_app_password.jpg
A) Click/tap on Finish. (see screenshot below)​
Microsoft_account_two-step_app_password-2.jpg
13. If you don't use a Windows Phone 8, then repeat step 7 above to receive a second verification code using a different method (steps 7-9) than what you used the first time.​
A) Two-step verification is now turned on for your Microsoft account. Click/tap on Done. (see screenshot below)​
Microsoft_account_two-step_verification-4.jpg




OPTION TWO

To Turn Off "Two-step Verification" for your Microsoft Account


2. If not already, sign in to your Microsoft account. (see screenshot below)​
sign-in_microsoft_account.jpg
3. If this PC or device is not a trusted device, then you will be prompted to enter and submit a security code sent to your phone or alternate email address. (see screenshots below)​
add_trusted_pc.jpg
email-code-2.jpg
4. Under the Two-step verification section, click/tap on Turn off two-step verification. (see screenshot below)​
turn_off_two-step_verification-1.jpg
5. Click/tap on Yes to confirm. (see screenshot below)​
turn_off_two-step_verification-2.jpg
6. Two-step verification is now turned off for your Microsoft account.​

That's it,
Shawn


 

Attachments

  • User.png
    User.png
    1.2 KB · Views: 285
Last edited:
Hi Shawn,

Great tutorial as always. :)

However I have a question - how do I get Windows 8 to ask me for the authentication code when I use a Microsoft Account to sign into Windows 8?

What am I doing wrong with the following?:

  • Setup a new Microsoft account (for a new email address) on this laptop
  • Check it all worked and I can login etc.
  • Then I enabled 2-step verification for that Microsoft Account.
  • I also removed all Trusted devices from that Microsoft Account
  • When I login to outlook.com via webmail, I need to enter the code using the Authenticator app, as expected
  • However, when I login to Windows 8, it just asks me for a password, not the extra code. On the linked blog (Microsoft Account gets more secure) it shows a Windows 8 screen which asks for the code, but I'm not getting this - how do I enable it?

Incidentally I followed the tutorial with a Windows Phone 7.8, and it seems to work as well as Windows Phone 8. (My guess is that WP7.5 will work too, because when I downloaded the Authenticator app, it was running WP 7.5 and I don't think the app has updated since.)

Thanks!
 

My Computer

System One

  • OS
    Windows 8.1, 10
Hello David,

The two step verification would only happen when you sign in to your Microsoft account for any MS service from a PC that you haven't yet verified. Once verified you will no longer get the two-step verification for that PC.

What happened was that when you did the two-step verification at Outlook.com while on that PC, it set that PC as trusted. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
What happened was that when you did the two-step verification at Outlook.com while on that PC, it set that PC as trusted. :)
Thanks for that.

The thing that surprised me was that I did select the option to "Remove all Trusted Devices associated with the account", while logged in to the outlook.com website, which I thought would remove the Trusted status, but it still let me login with just the password.
 

My Computer

System One

  • OS
    Windows 8.1, 10
Yeah, on the PC itself it'll just ask for the password.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Yeah, on the PC itself it'll just ask for the password.
Thanks Shawn.

So if someone steals my laptop, they only need my email and password to get to everything on that PC linked to that Microsoft Account, which I guess would include Mail (via the Mail app) and Skydrive/Onedrive files.

It sort of makes sense, because 2-factor verification is suppose to be 'something you know plus something you have', and I guess the 'something you have' is the laptop.

But it isn't as secure as some business laptops I see, where folks have a little device that gives you a number that changes every 30 seconds or whatever, which you need to enter before logging in; I was hoping for something like that using the Windows Phone Authenticator app.
 

My Computer

System One

  • OS
    Windows 8.1, 10
If it got stolen, you should change your Microsoft account password and remove all trusted PCs to prevent them from being able to sign in to your Microsoft account.

Since two-step verification uses a different email address to verify with than the one used for your Microsoft account, they would not be able to verify the laptop as trusted with your Microsoft account unless the also stole your phone to be able to get a text message with the two-step verification code (if that phone's number was listed).
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Back
Top