With the Microsoft online account becoming the de facto way of logging in to Windows it has become more important than ever to keep your Microsoft online account safe.
Fortunately, Microsoft has quite a few options available to further secure your account, besides two-factor authentication. There’s even an option to turn your account completely passwordless.
In this article, we’re going to explore the secondary ways you can add in order to be able to verify or sign in to your Microsoft account.
Without any secondary sign-in or verify options added to your Microsoft account it’s next to impossible to regain access in case you forget your password. Notice I didn’t say impossible, but next to impossible. Here’s how to use the Microsoft account recovery form in this case.
- 1 Why You Should Add Secondary Login Options to Your Microsoft Account
- 2 How to Add a New Way to Sign in and Verify to an Existing Microsoft Account
- 3 How to Remove a Secondary Sign-In Option From Your Microsoft Account
Why You Should Add Secondary Login Options to Your Microsoft Account
Even if you’re not using a Microsoft Account for anything else than Windows login, you could lose access to your computer if you don’t have any secondary ways to sign in or verify your account access.
In conclusion, secondary sign-in options help you either login to your Microsoft Account or reset the password on the web.
How to Add a New Way to Sign in and Verify to an Existing Microsoft Account
In total there are five types of secondary security options you can add to your Microsoft account:
- Another email you have access to.
- Your phone, where you’ll receive a text message.
- An authenticator app.
- A security key (USB, NFC, or Bluetooth-connected phone)
- Windows Hello (face, fingerprint, or PIN).
First, we need to access the security section of your Microsoft account:
1. Open your browser and visit Microsoft’s website.
2. Click on the account icon at the top right of the page.
3. If you’re already logged in you will be sent to your account.live.com website. If not, you will need to log in first.
4. Navigate the Security in the top menu.
5. Select the Get started link in the Advanced security options section.
6. Here you will see a list of Ways to prove who you are. It doesn’t hurt to have a few options to pick from:
7. At the bottom of the list you’ll find the link called Add a new way to sign in or verify. Clicking on this link will bring up this menu:
What’s the difference between account sign in and account verification?
I would really like to know. I’m not 100% sure, but some actions in your Microsoft account, even if you’re already signed in, will trigger a verification.
If you’ve logged in a while ago and you want to change the account password for example, you’ll be asked for a security code sent to one of your secondary methods.
Basically, an account verification happens while you’re already logged in. That’s what I understand. Let me know if you know something else.
Let’s take each method one by one and see how you add each type of account verification/sign-in method to your Microsoft Account.
Enter Password – Default Login Method
This is the default login option (as it should be). It’s already attached to your Microsoft account, so nothing to do here. I’m just mentioning it because it’s listed in the Ways to prove who you are section of your account.
We’ll explore how to remove the password from your Microsoft account altogether in another article.
Email a Code – Secondary Email
Clicking on Email a code will prompt you to specify an email address, other than that of your current Microsoft account.
A one-time security code will be sent to that email.
Grab the code and add it to the next final step.
Once you confirm the security code this email address will be added to your account list of Ways to prove who you are.
Text a Code – SMS Sent to Your Phone
Adding a phone number after clicking on Text a code works pretty much the same.
First, select your country. This will change the area code.
Then add the remainder of your phone number.
A text message will arrive on your phone in a few moments. Enter the code in the next screen to confirm.
Use an App – Enter a Code From an Authenticator App
Authenticator apps are getting very popular, but I personally don’t like them. You rely too much on your phone already and in case it gets lost you can’t recover your authenticator profile.
It’s super easy to migrate from one phone to another, but if your smartphone gets lost or stolen you can’t do anything about that.
Anyway, you can use the Microsoft Mobile Phone Authenticator app or any third-party authenticator app, such as the one I’m using, the Google Authenticator.
In the first step click on Get it now if you want to use Microsoft’s app, or Set up a different authenticator app to use another variant.
Open the authenticator app of your choice, click on the add new profile button, then scan the QR code. A new profile for your Microsoft account will be added to the app, which will start generating codes. Enter one of the codes in the same screen to confirm this alternate sign-in/verification method.
If you have already set up an authenticator app, you will get this message. It basically lets you know that the previous profile will stop generating valid codes.
Use a Security Key (USB, NFC, or Bluetooth phone)
You can use special USB dongles to verify access, NFC dongles, or your phone, if it’s paired to the computer you’re trying to manage your Microsoft account from.
I’ve tried with simple USB flash drives, but they don’t work. My phone worked OK though.
In the first step, you have to select the type of device. In a typical Microsoft confusing fashion, this step doesn’t matter. No matter what you select, at the next step, where the passkey is created, you’ll see an identical list of options:
- use a security key of a built-in sensor (USB key or NFC)
- all of the smartphones connected to your Windows machine
- a new device (a different smartphone)
I can’t show you how to add USB keys or NFC security keys, but I imagine you have to insert them or tap the NFC reader when you see this image:
If you select one of the existing linked phones you will automatically get a notification that you need to open and confirm you wish to link the phone to your Microsoft account.
If you pair a new phone by selecting A different device all you have to do is scan a QR code:
Then you need to confirm the link on your mobile phone:
Once the passkey creation is confirmed on your phone all you have to do in the browser is to give this key a name, so you recognize it later. I’ve chosen to use the same name I use for my phone.
Every time you want to use your new phone to sign-in or verify your Microsoft account you will receive a notification. You will need to open with your screen lock method: pattern, PIN, fingerprint, and so on.
Use Your Windows PC with Windows Hello (Pin, Face, or Fingerprint)
The last option is to use Windows Hello to confirm access to your Microsoft account. Windows Hello only works on the current device. Keep that in mind.
Explaining how Window Hello this works it’s hard, but I’ll try anyway:
On a Windows computer where you log in with a Microsoft online account you will use the same PIN as you use at the login screen. It seems you can never log in to Windows with your Microsoft account password. It only works by setting up a Hello PIN.
On multiple devices that use the same Microsoft account, you can have different PINs. It’s confusing.
If you’ve already set up Windows Hello just confirm the PIN and that’s it. The method will now be added to your alternate sign-in options.
If you use a local account, then you have two options:
Option 1 – Convert your local account to an online account and use the new Hello PIN for both Windows login and Microsoft account sign-in/verification.
Option 2 – Add a Hello PIN but keep the Windows account type local. Note: this will change the login method on your PC from password to Hello PIN.
These two steps must be done in the Windows settings app. In both Windows 10 and Windows 11 the options are found in: Settings > Accounts > Sign-in Options:
Depending on your device capabilities, you may be able to use face unlock or a fingerprint, not just the Hello PIN option.
The Next button will not become active until you successfully set Windows Hello on the current device.
Follow the prompts to set up Hello on your current device and, at the end, give it a nice name that’s easy to remember, since it will work only on the device where it was set up.
This is so confusing that I’ve decided to write a separate article about Windows Hello. I’ll link it here when it’s live.
Every time you add a secondary sign-in or verification option you’ll get confirmation notifications sent to your primary Microsoft account email and all secondary methods that have the Receive alerts toggle on (only emails and phones can receive alerts). I’d leave this option on for at least a few methods, so I will be notified if someone is “doing work” on my account.
How to Remove a Secondary Sign-In Option From Your Microsoft Account
It’s super easy to manage your alternate sign-in options on your Microsoft account. Go to the Security > Advanced security options again and expand each item in the Ways to prove who you are list.
At the bottom of each item there’s a Remove button that will simply remove that sign-in/verification method after a few confirmation dialog boxes.
Note the option to enable or disable alerts, available only for secondary emails and mobile phones.
There’s also a View activity button that goes to the same page, where you can’t really know what method you’ve used on what device and when did you do it. Again confusing, but I guess that’s to be expected sometimes with Microsoft.
Looking for similar reads?
- Find out about the differences between local and online accounts in Windows and how to switch between them
- How to add a new local account in Windows
- Reset the Microsoft account password at the Login screen
If you’re using local accounts in Windows these secondary sign-in options won’t help you at all.
In this case, you need to use a password reset disk instead to reset the local Windows account password, answer the security questions, or use another administrator account to change the lost password.