Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account:
An extra security code
Two-step verification helps protect your account by making it more difficult for a hacker to sign in, even if they've somehow learned your password. If you turn on two-step verification, you'll see an extra page every time you sign in on a device that isn't trusted. The extra page prompts you to enter a security code to sign in. We can send a new security code to your phone or your alternative email address, or you can obtain one through an authenticator app on your smartphone.
Sign in to your Microsoft account.
Because you're changing sensitive info, you might be prompted to enter a security code. Check your phone or alternative email address for the code, enter it and tap or click Submit.
Under Password and security info, tap or click Edit security info.
Under Two-step verification, tap or click Set up two-step verification.
Tap or click Next, then follow the instructions.
If you need to add or verify any security info before you can turn on two-step verification, we'll prompt you with a few simple steps to do so.
Some apps (like the email apps on some smartphones) or devices (like the Xbox 360, for example) can't prompt you to enter a security code when you try to sign in. If you get an incorrect password error with an app or device, you'll need to create a unique app password to sign in. Once you've signed in with your app password, you're ready to use that app or device. You'll need to create and sign in with an app password once for each app or device that can't prompt you for a security code.
If you're prompted for a security code here, enter it and tap or click Submit.
Under App passwords, tap or click Create a new app password.
A new app password is generated and appears on your screen.
Switch to the app or device for which you need the password, and enter the app password displayed on the screen.
For more info about signing in to specific devices, see App passwords and two-step verification.
Your alternative contact info helps keep your account secure, so if it's no longer current, you need to update it. You can provide new contact info and mark out-of-date email addresses or phone numbers to be deleted.
Please note that we don't fully delete any of your old info for 30 days, and you won't be able to sign in to your Microsoft account with the new info you add until the 30 days have passed. We're sorry for any inconvenience, but this waiting period helps to deter hackers from updating your security info and gaining access to your account without your knowledge.
On the Microsoft account sign-in page, enter your email address and password.
On the Help us protect your account page, tap or click Use a different verification option.
If all your alternative contact info is out of date, choose I don't have these any more from the drop-down list, then tap or click Next.
In the I don't have my security info any more page, tap or click Next, then follow the instructions to add and verify your current contact info.
See all support pages for security, privacy & accounts.
Ask a question in the