How to Protect Your Outlook.com Account with Two-Step Verification

Depositphotos_34322459_original_1600.jpeg
Old key in a rusted door lock. © Depositphotos.com/scyther5
by Heinz Tschabitscher
An independent writer who has reviewed hundreds of email programs and services since 1997.
Updated April 15, 2018

Outlook.com wants your account to be secure. A strong password is a good first step which can be followed by another.

With Outlook.com two-step verification, your password alone is not enough to access the emails in your account or send messages from it. Instead, a second means is needed to log in: a specially generated code delivered from Outlook.com to an alternate email address or, more securely perhaps, to your phone; the phone may also be able to generate the code itself using an authenticator app.

Two-step verification makes your Outlook.com account much more secure. For the convenience to which you are accustomed, you can exempt browsers on devices and computers only you use from the need to enter a code. For the flexibility afforded by POP access and even more by IMAP in email programs, you can generate specific—and relatively hard to guess—passwords.

Protect Your Outlook.com Account with Two-Step Verification

To have logging into your Outlook.com (and Microsoft) account require two steps—a password and code delivered to your mobile phone or an alternative email address, for instance:

  • Click your name or picture in the top Outlook.com navigation bar.
  • Select Account settings from the menu that has appeared.
  • If you are prompted for a password:
    • Type your Outlook.com password over Password.
    • Click Sign in.
  • Open the Security info category under Overview.
  • If Help us protect your account appears:
  • If you have an alternative email address or a phone number set up for contacting you:
    • Select a phone number or alternative email address to which you have access under How would you like to receive your code?.
    • Click Next.
  • If you have no alternative contact options:
    • Choose whether you want to add a phone number or alternate email address under Help us protect your account.
    • Enter the email address or phone number (making sure the country code is set correctly and does not appear in the phone number itself).
    • Click Next.
  • Look for and open an email from "Microsoft account team " with the subject "Microsoft account security code" at the email address you selected or a call or text message from Microsoft.
  • If you received the code by email:
    • Highlight and copy the verification code in the message.
    • Paste the code over Code back at Help us protect your account.
  • If you received the code by phone:
    • Type the verification code over Code.
  • Click Submit.
    • If you have newly added a contact option, Outlook.com may require you to request and enter a new code, as above.
  • Follow the Set up two-step verification link under Two-step verification.
  • Click Next.
  • Select an alternative email address under How would you like to receive a verification code?.
  • Click Next.
  • Look for and open an email from "Microsoft account team " with the subject "Microsoft account security code" at the email address you selected.
  • Highlight and copy the verification code in the message.
  • Paste the code over Code back in your browser.
  • Click Next again.
  • Now click Done.You can set up individual browsers on devices and browsers only you use not to require two-step authentication every time you are about to access your emails at Outlook.com.

    • Add a Phone Number to Receive Outlook.com Sign-In Verification Codes

      To add a new phone number at which you can receive verification codes from Outlook.com when logging in:
      • Click your name or icon near your Outlook.com's top right corner.
    • Choose Account settings from the menu.
    • Log in using password or two-step verification if you are prompted.
    • Go to the Security info category under Overview.
    • Click Add under Phone number.
    • Choose the country code and enter your phone number (without country code) under Add phone number.
    • Select Text for SMS and Call for automated call verification.
    • Click Next.
    • Wait for the call or SMS text message at the phone number you entered.
    • Type the code received over Code under Enter the code you receive.
    • Click Next again.
    To remove a phone number:
      • Click Remove next to the phone number you want to delete from your Outlook.com account under Phone number in your Security info category.

    Add an Email Address to Receive Outlook.com Sign-In Verification Codes

    An alternative email address you add to your Outlook.com account will also function for two-step verification by email.

    • Set Up an App for Generating Verification Codes (Even When You Are Offline)

      To set up an authenticator app for logging in to your Outlook.com account:
    • Open your Outlook.com's Security info page.
    • Follow the Set up link under Authenticator app.
    • Open the authenticator app on your phone or device.
    • Scan the QR code that has appeared under Pair an authenticator app with your Microsoft account.
    • Type the code shown in the authenticator app over Code generated by app.
    • Click Pair.