It’s not enough to set up two-factor security for your Microsoft account. Make sure your recovery settings are checked and up to date. Do it now before it’s too late.
Today we’re helping someone trying to log in to their Microsoft account after losing their password. Many, many hours of frustration and worry that could have been avoided. They are having lots of trouble because their account recovery options are out of date and incomplete, so they can’t see all the verification codes needed to access their account.
Here’s a reminder of what you should check in your Microsoft account settings to save yourself trouble later or, at worst, losing access to the account altogether!
There are many methods of account recovery or confirmation. All of them should be set up, not just one. In some circumstances more than one confirmation method is required, for example if the password is lost.
Do this for each Microsoft account you have. Many people have at least a personal and a work Microsoft account.
Other email addresses can be nominated to receive a confirmation or recovery code. You can and should set up more than one email address, in case there’s a problem accessing just one.
Those email addresses have to be separate from the email linked to that Microsoft account.
Ideally the alternative email addresses should use another mail host entirely, for example a Gmail, Yahoo or Proton mail address instead of Outlook.com or Hotmail. That will help if there’s a problem with Microsoft’s systems more broadly.
Don’t worry about revealing any of these alternative email addresses to hackers. If someone tries to get an authentication code sent to an email address, they are shown part of the address (as a hint) and have to type in the complete alternative email address.
Check the email logins
Can you log in to the alternative email accounts? Make sure you know the password and any other login details for each of the other email addresses.
Too many times I’ve seen people caught by having an alternative email address that they’ve forgotten how to access.
Phone
A recovery/confirmation code can be sent to a phone number either by text (SMS) or voice call.
Ideally use a mobile/wireless number that can accept text messages and will work wherever you are. A landline is OK for accepting an automated voice call.
We’ve often seen people who can’t get a phone confirmation because an old or unavailable number has been set up in the past.
Just like email addresses, set up as many phone numbers as you can.
Authentication app
The best way to authorise an account login is with an authentication app. The app gives you a time-limited special code to confirm access to an account. It’s usually a smartphone app which works even if the device is offline.
We like Authy, which works with almost all ‘two-fac’ accounts and can appear on multiple devices. The Authy web site has good ‘how to’ guides for many different accounts.
You can, and should, set up more than one authentication app to access an account. Apps on separate devices are ideal, in case one device is stolen or lost.
Recovery Code
Do you know where your Microsoft Recovery Code is saved? It will let you unlock your Microsoft account if all else fails.
A recovery code was created for you during the initial Microsoft two-step authentication setup. The recovery code is a 25-character code (it looks like an Office Product Key).
Many people ignore the recovery code and the suggestion to save it. Or they save the code, then forget it exists or where the code was saved.
Get your Recovery Key from the Security page in your Microsoft account. Go to https://account.microsoft.com/security?lang=en-US&refd=account.microsoft.com and choose Manage how I sign in.
The Recovery Key is at the very bottom of the Security page, after the list of other login and verification methods.
Making a new Recovery Code will cancel and replace any earlier code issued.
Microsoft suggests printing out the code or taking a picture of it. Make sure you save it somewhere you can reach without your Microsoft login. For example, don’t save it to OneDrive or a Windows PC linked to the same Microsoft account.
Ask a friend
You might be wondering how best to save these alternative login or verification methods.
One ‘last resort’ possibility is asking a friend to help. If something goes badly awry, you can ask your friend to help restore your account.
Your friend could provide an alternative email address or phone number. A trusted friend is also a good place to store a copy of your Recovery Key.
Microsoft Support
If you lose access to your Microsoft account, don’t expect a lot of help from Microsoft Support. After all, they don’t know for sure that you really are the account owner.
Passkeys
Passkeys are a relatively new way to log in to secure accounts. Once set up, they make access a lot easier and more secure.