Windows 10 tip: Keep your Microsoft account secure with 2-factor authentication

Signing in to Windows 10 with a Microsoft account is convenient, unless your password is stolen or phished. Protect yourself by turning on additional security features.
Written by Ed Bott, Senior Contributing Editor

Turn on 2-factor authentication to secure your Microsoft account.

The default settings for Windows 10 strongly encourage you to sign in with a Microsoft account. Although it's easy enough to switch to a local account, there are good reasons for connecting that Microsoft account, including the ability to easily sync settings between devices.

But that powerful account is potentially a source of headaches if your credentials are stolen or phished. To protect yourself, I recommend that you turn on Microsoft's additional security features, which require a second form of authentication if someone tries to use those credentials on an unknown device.

The option is buried deep in the web interface for a Microsoft account. Fortunately, there's an easy-to-remember shortcut:


Signing in with your Microsoft account at that page gives you access to three advanced security settings:

  • Two-step verification forces you to provide a second proof of identity when you sign in on an untrusted device. That proof is a code that can be sent to an email address, delivered as a text message to your mobile phone, or generated by an authenticator app on your mobile phone.
  • The trusted devices list lets you skip the second factor on a device you own after you successfully prove your identity. If a device is stolen, or you suspect you've been compromised, you can clear this list and force a 2FA prompt the next time you sign in on each previously trusted device.
  • A recovery code is worth printing out and saving in a secure location as a way to regain access if you lose access to other verification options.

Note that if you turn on two-step verification, you'll need to generate app passwords for signing in to Xbox, Microsoft Outlook, and third-party apps that can't receive a 2FA code.

Given the havoc that a hacked account can cause, I strongly recommend visiting this page and tightening up your Microsoft account security.
