How to use the Microsoft Authenticator app

Sign in securely without a password

Are you tired of trying to remember your password? With this free app, you can sign into your personal Microsoft account without one. For security, you’ll use a fingerprint, face recognition, or a PIN. And don’t worry—if anything happens to your mobile device or if you forget your PIN, your password will still get you into your account.

The Microsoft Authenticator app is available for Android and iOS.

You can use the app with a mobile phone or a tablet. Learn what it’s like to sign in and how you can backup and recover account credentials.

Use two-step verification for more security

If you need more security, you can require a password along with your fingerprint, face recognition, or PIN. This is called two-step verification. For a personal account, you can turn two-step verification on or off, and reset your password. You can also manage app passwords and change your settings. For a work or school account, your administrator will likely decide whether you’ll use two-step verification, and then you’ll complete the registration process and set it up.

Use time-based, one-time passcodes

The Microsoft Authenticator app also supports the industry standard for time-based, one-time passcodes (also known as TOTP or OTP). Because of that, you can add any online account that also supports this standard to the Microsoft Authenticator app. This will help keep your other online accounts secure.

For instructions on how to add other online accounts, read Add your non-Microsoft accounts.

Use Microsoft Authenticator with Microsoft 365

If your organization is using multi-factor authentication (MFA) for Microsoft 365, the easiest verification method to use is the Microsoft Authenticator smart phone app. It’s just one click instead of typing in a 6-digit code. And if you travel, you won’t incur roaming fees when you use it.

Download and install Microsoft Authenticator app

Download and install the Microsoft Authenticator app for Android, iOS or Windows Phone.

Set up the Microsoft Authenticator app

Choose the mobile app

Open a browser on your computer and go to portal.office.com. Sign in to your Office 365 for business account.

Use these steps if you see this screen:

Click Set it up now.

Choose Mobile app from the dropdown.

Make sure » Receive notifications for verifications» is selected. Click Set up.

Use these steps if you see this screen:

In the drop down box under What’s your preferred option, choose Notify me through app.

Check the box for Authenticator app or Token, and then click Set up Authenticator app.

Wait for configuration pop-up box.

You should see a window on your computer that looks like this.

Add account to Microsoft Authenticator

Open the Microsoft Authenticator app on your phone.

Tap the + > Work or school account.

Use your phone to scan the QR square that is on your computer screen.

iPhone users may have to enable the camera in Settings in order to scan.

If you can’t use your phone camera, you’ll have to manually enter the 9 digit code and the URL.

Your account will be added automatically to the app and will display a six-digit code.

Confirm activation status on your computer

Switch back to your computer and click Done.

Now wait for the Checking activation status text to finish configuring your phone.

When it’s complete, you’ll be able to click the Contact me button on the right.

Note: If configuration fails, just delete retry the previous steps again.

Approve sign in on your phone

Switch back to your phone and you’ll see a notification for a new sign in.

Go to the Microsoft Authenticator app.

Tap Approve to allow it.

Finish set up

Back on the computer, follow any prompts that you might see such as adding a mobile number.

You’re good to go!

From now on, whenever you have a new sign in or add your Microsoft 365 work or school account to an app, you’ll open the Authenticator app on your phone and tap Approve.

Microsoft account security info & verification codes

Security info confirms your identity

Security info is an alternate contact email address or phone number that you add to your account. If you forget your password, or if someone else is trying to take over your account, we send a verification code to that alternate email or phone number. When you give the code back to us, we know that you’re really you so we can help get you back into your Microsoft account.

We use your security info only to verify your identity if you’re accessing personal information or if we detect a problem with your account.

Note: This article is about security info. If you have lost, forgotten or have other password issues, see Change or reset your Windows password.

Before we start into how to manage your security info, let’s make sure we’ve successfully sent your verification code.

If you’d like to reset your password but the verification code didn’t arrive, see When you can’t sign in to your Microsoft account.

For tips about receiving and using verification codes, please see Troubleshooting verification code issues.

Manage your security info

You can change your password, update info, or review recent activity. If you’re not already signed in to your Microsoft account, you’ll see a prompt.

On your Security basics account page, you can add, update, or remove security info. Select any of the following to find out how.

If you want to add a new email address or phone number, read How to add security info to your Microsoft account.

Make sure the list of phone numbers or email you use to sign in to your account is up to date. Open your Sign-in options to turn off sign-in preferences for any phone number or email you don’t use often

On the Security basics page, select the Update info button. If you’re not already signed in to your Microsoft account, you’ll be prompted to sign in.

You may be asked to enter a verification code to continue. If you don’t have access to your alternate email or phone number, choose I don’t have any of these and follow the instructions to replace your security info.

You’ll see your security info under Security settings. Choose Remove for any you want to remove. You may be asked to add new security info before you can remove the old info.

Note: If you request removal of all security info in your account, the info doesn’t actually change for 30 days. During this time, we cannot accept further changes or additions to security settings or billing info. Your account is still open and active, and you can still use your email, Skype, OneDrive, and devices as usual. We’ll let you know when it’s time to enter new security info.

Troubleshooting verification code issues

There are a number of possible explanations for why verification codes don’t always arrive. Read through the list of the most common causes, and see if any of them apply to you.

Does your phone block texts from unknown numbers?
If so, change your phone settings then choose I don’t have a code. We’ll send another verification code.

Did your email send your verification code to your junk folder?

Check your junk email folder for a message from a Microsoft account, and use the code sent to you. Valid verification codes come from an @accountprotection.microsoft.com email address.

Mark @accountprotection.microsoft.com as a trusted sender to receive your verification code in your inbox.

Is your phone number or email address entered correctly?
To keep your information safe when you’re signing in, we only show you the last two digits of your phone number or the first two characters of your email address.

To see if your security info is correct:

Sign in to your Security basics page with your Microsoft account.

Select Update info.

Choose a method that you know works, or choose I don’t have any of these to replace your security info.

Does your alternate email address end in @outlook.com, @hotmail.com, @live.com, or @msn.com?
If so, you’re using one Microsoft account to verify another Microsoft account. This can make it tricky to keep track of which one you’re signed in to. When you sign in to the second account (to get the code sent to that email), most browsers automatically sign you out of the first account (the one that’s actually requesting the code).

To get your verification code:

Using a browser in privacy mode, sign in with the first account. This lets you stay signed in to both accounts at the same time.

When you’re prompted to enter the verification code that was sent to your alternate email address, don’t close the browser window.

Open a new window in privacy mode. Ctrl + Shift + P is the shortcut for InPrivate Browsing in Microsoft Edge and Internet Explorer. If you’re using a different browser, check that browser’s help for info about privacy mode.

In the new window, sign in to your alternate email account and look for the message from the Microsoft account team. Copy or write down the verification code from the message.

Return to the window that is asking you for the verification code. Enter the code and follow the instructions.

When you see a message asking you to make sure you can receive a verification code, verify or add new security info. You can skip it for 24 hours at a time, but after seven days from the first notice you’ll have to verify or add new security info before you can sign in again.

We won’t ask you to verify your security info every time you sign in. Occasionally, we might ask you to check it again—for example, if you haven’t signed in for a long while. This is our way to make sure your info is current.

No. A verification code doesn’t replace your password, so it won’t work to enter a verification code in the password box. We use verification codes in addition to passwords as an extra layer of security in case someone else learns your password.

How to use two-step verification with your Microsoft account

Note: If you are trying to find out how to change an email address or phone number for your Microsoft account, see Change the email address or phone number for your Microsoft account. If you’re having issues signing in to your account, see When you can’t sign in to your Microsoft account for help. Get more info about what to do when you receive the “That Microsoft account doesn’t exist” message when you try to sign in to your Microsoft account.

About two-step verification

What two-step verification is

Two-step verification helps protect you by making it more difficult for someone else to sign in to your Microsoft account. It uses two different forms of identity: your password, and a contact method (also known as security info). Even if someone else finds your password, they’ll be stopped if they don’t have access to your security info. This is also why it’s important to use different passwords for all your accounts.

Important: If you turn on two-step verification, you will always need two forms of identification. This means that if you forget your password, you need two contact methods. Or if you lose your contact method, your password alone won’t get you back into your account—and it can take you 30 days to regain access. You may even lose access to the account. For that reason, we strongly recommend you have three pieces of security info associated with your account, just in case.

What happens when you turn on two-step verification

If you turn on two-step verification, you’ll get a security code to your email, phone, or authenticator app every time you sign in on a device that isn’t trusted. When two-step verification is turned off, you will only have to verify your identity with security codes periodically, when there might be a risk to your account security.

What you’ll need for set up

Two-step verification begins with an email address (we recommend two different email addresses, the one you normally use, and one as a backup just in case), a phone number, or an authenticator app. When you sign in on a new device or from a new location, we’ll send you a security code to enter on the sign-in page. For more info about the authenticator app, see How to use the Microsoft Authenticator app.

Turn two-step verification on or off

Go to the Security basics page and sign in with your Microsoft account.

Select More security options.

Under Two-step verification, choose Set up two-step verification to turn it on, or choose Turn off two-step verification to turn it off.

Follow the instructions.

Note: As part of setting up this account, you’ll be given a QR code to scan with your device; this is one way we ensure you are in physical possession of the device you are installing the Authenticator app to.

Reset your password when two-step verification is turned on

If you forget your password when you have two-step verification turned on for your account, you can reset your password as long as we have two ways to contact you, like one of the alternate contact email addresses or phone numbers that you used when you turned on two-step verification.

Depending on what security info you have added to your account, this requirement might mean entering a security code from your authenticator app and entering a security code that was emailed to your backup email account.

To reset your password, follow the steps in How to reset your Microsoft account password. Instead of receiving one security code to verify your identity, though, you’ll receive two.

If you’re looking for info about changing, removing, or updating the alternate email address or phone number where you get security codes, follow the steps in either Security info & verification codes or Replace your Microsoft account security info.

Where you can’t use security codes, use app passwords

Some apps (like the mail apps on some phones) or devices (like the Xbox 360) can’t use regular security codes. If you see an “incorrect password” error on an app or device after you turn on two-step verification, but you’re sure your password was correct, that means you’ll need an app password for that app or device.

App passwords are only available if you use two-step verification. If you don’t have two-step verification turned on, you won’t see the App passwords section on the Additional security options page.

Read about how to create and use app passwords in App passwords and two-step verification.