Using MS Authenticator for 2FA Everywhere

Two Factor/Multifactor Authentication can help keep you safe.

The bad guys are out to get you. They’re phishing in your email, they are using brute force to try to get your password so they can log into your email accounts, your Microsoft Accounts, your Google accounts, Facebook, Twitter, and just about everywhere that you use a password to log in. Having a strong and unique password for every site and account isn’t enough these days. You CAN do more to protect yourself. There PROBABLY ARE baddies trying to break into your accounts right now. It’s a fact of life. Want an example? I was amazed at the number of unique IPs trying to gain administrative access to the WordPress dashboard on one of my blogs by trying to log in through the WordPress interface. And I was horrified.

What can you do to protect yourself? My advice is simply ‘if you don’t have 2FA enabled, enable it now if you possibly can’. (And if you are one of the folks who still don’t have a smartphone, consider a physical device like Yubikey’s devices. Microsoft blogged about using this product for Windows Hello as well. I won’t cover using these devices in this article, but be aware that if you don’t have a smartphone, you do have an option.) Note that, in some cases, you can use a secondary email address as an alternative to SMS or Yubikey, but it isn’t as secure and I don’t recommend it.

Two Factor Authentication (2FA) relies on something you know (like a strong password) and something you have (like a cellphone/smartphone) to help secure your email, online email and social media accounts, etc. There are additional ways to use 2FA, and you can read more about this at Wikipedia, Microsoft, and there’s a particularly good write up at Google.

And Microsoft has a video:

Get the Microsoft Authenticator App

(Before you get started, if you don’t already have a cell phone number attached to your Microsoft Account as a recovery number, set one up. To do this, go to https://account.live.com/proofs/Manage and sign in. Full instructions on how to do this are here.)

The first step is to get the app for your platform and install it on your smartphone.

iOS users – if you have an Apple Watch, you get a watch app that lets you quickly approve or deny.

Android App

Windows Mobile

Next, open your web browser and go to https://account.live.com/proofs/Manage

Setting up 2FA for your Microsoft account: Setting up MS Authenticator for an outlook.com/hotmail.com (etc.) personal Microsoft Account takes a few steps. Here’s a short video walkthrough of the process. I’ve obliterated personal information and made some edits for privacy, but all the steps are shown.

 

 

After setting up 2FA for an account, alerts will appear on your phone and you will be able to approve or deny each one. In iOS 10, tap the notification to open MS Authenticator. The alert will specify the account (I’ve covered this here for privacy) and you can Approve or Deny.

approve alert

I have an iPhone and an Apple Watch, and for me, using Microsoft Authenticator is noninvasive and easy. Most of the time, I can approve the 2FA request right on my Apple Watch.

apple watch

 

 

It’s pretty straightforward to set up Microsoft Authenticator with your Microsoft Account, but it may not be obvious that you can use MS Authenticator elsewhere. Many online sites document using Google Authenticator, but don’t mention that other products, such as Microsoft Authenticator, will work just as well (or better!). At a 50,000-foot level, you turn on 2FA, enable “use an app”, select the “+” (add account) in the app, and then take a picture of a QR code with your smartphone to start the process. It is pretty easy to set up and well worth the extra effort. And in most cases, you can designate “trusted devices” so that you authenticate once (or every 30 days, etc.). For desktop programs like Outlook 2016, you can generate Application Passwords to enter into account settings instead of your regular password (and if the account is already set up, you just replace the password with the App Password).

Setting up 2FA for your Google account (iOS or Android):

Start by going to https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome and logging in if you aren’t already logged in.

Here’s a short demo walkthrough of how to use Microsoft Authenticator with your Google Account. And again, this process should work with any online account that lets you set up an authenticator app using a QR code, even if MS Authenticator is not specifically listed.

If you turn on 2FA for your Microsoft account and any Google accounts, that’s a good start towards increasing your security (and hopefully your peace of mind). And you should turn it on for any online entity that offers it.