If we’ve said it once, we’ve said it a million times: You should use two-factor authentication everywhere you can. It’s an easily enacted security measure that should give you a lot more peace of mind.
Technically, Microsoft protects its apps with “two-step verification” rather than two-factor verification. Alex Simons, vice president of program management for Microsoft’s Identity Division, describes why, in a blog post highlighting new Apple Watch support for the Microsoft Authenticator app:
From a security standpoint, we still consider the experience on the Watch as two-step verification. The first factor is your possession of the Watch. The second factor is the PIN that only you know. When you put the Watch on your wrist in the morning, you will need to unlock it. As long as you don’t remove the Watch from your wrist and it stays within range of your phone, it will stay unlocked—so you don’t need to provide your PIN again.
If you use Microsoft apps, especially Outlook for your email, you should absolutely set up two-step authentication on your Microsoft account, and you can use either Microsoft’s official app or your favourite authentication app. Here’s how to do both:
Where to set up two-step authentication
First things first. If you want to set up two-step authentication, you have to find where to set it up. There’s a simple walkthrough for the process on Microsoft’s website, but it’s buried a couple of pages deep. Here’s how to find it:
Step 1: Sign in to your Microsoft account and go to the “Security Basics” page.
Step 2: Select “more security options” at the bottom of the page.
Step 3: On the “Additional Security Options” page, select “Set up two-step verification” (it’s in the second section down).
Syncronise Microsoft’s authenticator app
Step 1: From the “Set up Two-Factor Authentication” page, select “Next”, and you will be prompted to set up the Microsoft Authenticator app.
Step 2: If you’re using Microsoft Authenticator, simply download the app and log in to your account. (You will need to type in a code sent to your email or phone number.)
Step 3: Click “next” on the two-factor authentication setup page, and you’re ready to go!
Using a different authentication app:
Step 1a: Click “set up a different Authenticator app”. Microsoft will generate a QR code. Use your authenticator app to read it.
Step 2a: Your authenticator app will give you a code (usually a pair of three- or four-digit numbers). Type it into the text box below the QR code.
Once you’ve set up two-step authentication, you can easily turn it on and off by returning to the “Additional Security Options” page and selecting “Turn off Two-Step Verification”.
Part 3: Set up 'App Passwords' for your older Microsoft apps
Some older Microsoft hardware and software doesn’t support Microsoft’s two-factor authentication, including the Microsoft Outlook Desktop app, older versions of Microsoft Office, the Xbox 360, and Windows Phone. If you use any of these regularly, you will need to set up special “App Passwords” for them. There are specific instructions for each app on Microsoft’s App Password rundown.
Once two-factor authentication is turned on, these apps will generate errors when you try to use them unless you’re typing in your special app password, so make sure to set up your passwords right away.