2FA Authenticator is an excellent choice for six digit TOTP authentication. It’s a simple app with a basic UI and it works pretty well. You can also add your secret key manually or via QR code. Battle.net Authenticator. With two-factor authentication, including one-touch button to approve or deny login attempts, you can keep everything protected-from your most storied World of Warcraft characters to your meticulously crafted Hearthstone decks. The Authenticator app provides a one-touch button experience so you can approve or decline. ID.me Authenticator is a simple and free multi-factor authentication (MFA) solution for your ID.me account, protecting your account from hackers by adding an additional layer of security. ID.me Authenticator generates secure 2-step verification tokens on your device, including time-based one-time passwords, (TOTP), push notifications, or mobile.
-->The Microsoft Authenticator app helps you sign-in to your accounts if you use two-factor verification. Two-factor verification helps you to access your accounts more securely, especially while viewing sensitive information. Because passwords can be forgotten, stolen, or compromised, two-factor verification is an additional security step that helps protect your account by making it harder for other people to break in.
You can use the Microsoft Authenticator app in multiple ways, including:
Respond to a prompt for authentication after you sign in with your username and password.
Sign-in without entering a password, using your username, the authenticator app, and your mobile device with your fingerprint, face, or PIN.
As a code generator for any other accounts that support authenticator apps.
Important
The Microsoft Authenticator app works with any account that uses two-factor verification and supports the time-based one-time password (TOTP) standards.
This article is intended for users trying to download and use the Microsoft Authenticator app as a security verification method. If you're an administrator looking for information about how to turn on passwordless sign-in using the Authenticator app for your employees and other uses, see the Enable passwordless sign-in with the Microsoft Authenticator app (preview).
Terminology
| Term | Description |
|---|---|
| Two-factor verification | A verification process that requires you to specifically use only two pieces of verification info, like a password and a PIN. The Microsoft Authenticator app supports both the standard two-factor verification and passwordless sign-in. |
| Multi-factor authentication (MFA) | All two-factor verification is multi-factor authentication, requiring you to use at least two pieces of verification info, based on your organization's requirements. |
| Microsoft account (also called, MSA) | You create your own personal accounts, to get access to your consumer-oriented Microsoft products and cloud services, such as Outlook, OneDrive, Xbox LIVE, or Microsoft 365. Your Microsoft account is created and stored in the Microsoft consumer identity account system that's run by Microsoft. |
| Work or school account | Your organization creates your work or school account (such as alain@contoso.com) to let you access internal and potentially restricted resources, such as Microsoft Azure, Windows Intune, and Microsoft 365. |
| Verification code | The six-digit code that appears in the authenticator app, under each added account. The verification code changes every 30 seconds preventing someone from using a code multiple times. This is also known as a one-time passcode (OTP). |
How two-factor verification works with the app
Two factor verification works with the Microsoft Authenticator app in the following ways:
Notification. Type your username and password into the device you're logging into for either your work or school account or your personal Microsoft account, and then the Microsoft Authenticator app sends a notification asking you to Approve sign-in. Choose Approve if you recognize the sign-in attempt. Otherwise, choose Deny. If you choose Deny, you can also mark the request as fraudulent.
Verification code. Type your username and password into the device you're logging into for either your work or school account or your personal Microsoft account, and then copy the associated verification code from the Accounts screen of the Microsoft Authenticator app. The verification code is also known as one-time passcode (OTP) authentication.
Passwordless sign-in. Type your username into the device you're logging into for either your work or school account or your personal Microsoft account, and then use your mobile device to verify it's you by using your fingerprint, face, or PIN. For this method, you don't need to enter your password.
Whether to use your device's biometric capabilities
If you use a PIN to complete the authentication process, you can set up the Microsoft Authenticator app to instead use your device's fingerprint or facial recognition (biometric) capabilities. You can set this up the first time you use the authenticator app to verify your account, by selecting the option to use your device biometric capabilities as identification instead of your PIN.
Who decides if you use this feature?
Depending on your account type, your organization might decide that you must use two-factor verification, or you might be able to decide for yourself.
Work or school account. If you're using a work or school account (for example, alain@contoso.com), it's up to your organization whether you must use two-factor verification, along with the specific verification methods. For more information about adding your work or school account to the Microsoft Authenticator app, see Add your work or school accounts.
Personal Microsoft account. You can choose to set up two-factor verification for your personal Microsoft accounts (for example, alain@outlook.com). For more information about adding your personal Microsoft account, see Add your personal accounts.
Non-Microsoft account. You can choose to set up two-factor verification for your non-Microsoft accounts (for example, alain@gmail.com). Your non-Microsoft accounts might not use the term, two-factor verification, but you should be able to find the feature within the Security or the Sign-in settings. The Microsoft Authenticator app works with any accounts that support the TOTP standards. For more information about adding your non-Microsoft accounts, see Add your non-Microsoft accounts.
In this section
| Article | Description |
|---|---|
| Download and install the app | Describes where and how to get and install the Microsoft Authenticator app for devices running Android and iOS. |
| Add your work or school accounts | Describes how to add your various work or school and personal accounts to the Microsoft Authenticator app. |
| Add your personal accounts | Describes how to add your personal Microsoft accounts to the Microsoft Authenticator app. |
| Add your non-Microsoft accounts | Describes how to add your non-Microsoft accounts to the Microsoft Authenticator app. |
| Manually add your accounts | Describes how to manually add your accounts to the Microsoft Authenticator app, if you're unable to scan the provided QR code. |
| Sign-in using the app | Describes how to sign in to your various accounts, using the Microsoft Authenticator app. |
| Backup and recover account credentials | Provides information about how to back up and recover your account credentials, using the Microsoft Authenticator app. |
| Microsoft Authenticator app FAQ | Provides answers to frequently asked questions about the app. |
The Microsoft Authenticator app helps you sign in to your accounts if you use two-factor verification. Two-factor verification helps you to access your accounts more securely, especially while viewing sensitive information. Because passwords can be forgotten, stolen, or compromised, two-factor verification is an additional security step that helps protect your account by making it harder for other people to break in.
You can use the Microsoft Authenticator app in multiple ways, including:
Providing a prompt for a second verification method after you sign in with your username and password.
Providing sign-in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN.
Important
This phone sign-in method only works with your work or school and personal Microsoft accounts. Your non-Microsoft accounts require you to use the standard two-factor verification process.
Authenticator App
Prerequisites
Before you can use the Microsoft Authenticator app, you must:
Download and install the Microsoft Authenticator app. If you haven't done this yet, see Download and install the app.
Add your work/school, personal, and third-party accounts to the Microsoft Authenticator app. For the detailed steps, see Add your work or school account, Add your personal accounts, and Add your non-Microsoft accounts.
Turn on and use phone sign-in for your work or school account
Phone sign-in is a type of two-step verification. You must still verify your identity by providing a thing you know and a thing you have, but phone sign-in lets you skip entering your account password and performs all of your identity verification on your mobile device.
Before you can turn on phone sign-in, you must turn on two-factor verification. For more information about how to turn on two-factor verification for an account, see Add your work or school account and Add your personal accounts.
Phone sign-in is only available on iOS and Android devices running Android 6.0 or above.
Turn on phone sign-in
Open the Microsoft Authenticator app, go to your work or school account, and turn on phone sign-in.
- When you tap the account tile, you see a full screen view of the account. If you see Phone sign-in enabled that means you are fully set up to sign in without your password. If you see Enable phone sign-in, tap it to turn on phone sign-in.
- If you’ve already been using the app for two-factor verification, you can tap the account tile to see a full screen view of the account. Then tap Enable phone sign-in to turn on phone sign-in.
- If you can't find your work or school account on the Accounts screen of the app, it means that you haven't added it to the app yet. Add your work or school account by following the steps in the Add your work or school account help.
Note
Microsoft doesn't support a combination of device registration and certificate-based authentication in Authenticator on iOS. Instead, the user must register the device manually through Authenticator settings before signing in.
After you turn on phone sign-in, you can sign in using only the Microsoft Authenticator app. Here's how:
Sign in to your work or school account.
After typing your username, an Approve sign in screen appears showing you a two-digit number and asking you to sign-in through the Microsoft Authenticator app. If you don’t want to use this sign in method, you can select Use your password instead, and sign in using your password.
Open the notification or the Microsoft Authenticator app on your device, and then tap the number that matches the number you see on your computer’s Approve sign-in screen.
Choose Approve if you recognize the sign-in attempt. Otherwise, choose Deny.
Use your phone’s PIN or your biometric key to complete the authentication.
Turn on and use phone sign-in for your personal Microsoft accounts
You can turn on phone sign-in for your personal Microsoft account, such as the account you use to sign in to Outlook.com, Xbox, or Skype.
Note
To help protect your account, the Microsoft Authenticator app requires a PIN or biometric lock on your device. If you keep your phone unlocked, the app requires you to set up a security lock before turning on phone sign-in.
Turn on phone sign-in
Authenticator App Android Microsoft
Open the Microsoft Authenticator app, go to your work or school account, and turn on phone sign-in.
- When you tap on the account tile, you see a full screen view of the account. If you see Phone sign-in enabled that means you are fully set up to sign in without your password. If you see Enable phone sign-in, tap it to turn on phone sign-in.
- If you’re already using the app for two-factor verification, you can tap the account tile to see a full screen view of the account. Then tap Enable phone sign-in to turn on phone sign-in.
- If you can't find your account on the Accounts screen of the app, it means that you haven't added it to the app yet. Add your personal Microsoft account by following the steps in the Add personal Microsoft accounts article.
Sign in to your account using phone sign-in
Go to your personal Microsoft account sign-in page, and then instead of typing your password, select the Use the Microsoft Authenticator app instead link.
Microsoft sends a notification to your phone.
Approve the notification.
Sign in using two-factor verification for your account
The standard two-factor verification method requires you to enter your username and password into the device you're signing in to, and then choose whether the Microsoft Authenticator app receives a notification or if you want to copy the verification code from the Authenticator app. On an Android device, the verification codes can be found on the Accounts screen. On an iOS device, these verification codes can be found in the Accounts screen or the full screen view of an account depending on the type of account. You turn on two-factor verification for your account when you add the account to the Microsoft Authenticator app.
Note
If you don't see your work or school account or your personal account on the Accounts screen of the Microsoft Authenticator app, it means that you haven't added the account to the Microsoft Authenticator app. To add your account, see Add your work or school account or Add your personal accounts.
For the steps necessary to sign in to your work or school or your personal account, using the various methods of two-factor verification, see Sign in using two-step verification or security info.
Frequently asked questions
Authenticator App Iphone
| Question | Solution |
|---|---|
| How is signing in with my phone more secure than typing a password? | Today most people sign in to web sites or apps using a username and password. Unfortunately, passwords can be lost, stolen, or guessed by hackers. After you set up the Microsoft Authenticator app, it creates a key on your phone to unlock your account that’s protected by your phone’s PIN or biometric lock. This key is then used to prove your identity while signing in. Important Your data is only used to protect your key locally. It’s never sent to, or stored in, the cloud. |
| Does phone sign-in replace two-step verification? Should I turn it off? | Phone sign-in is a type of two step verification where the two steps both happen on the mobile device. You should keep two step verification turned on to help provide additional security for your account. |
| If I keep two-step verification turned on for my account, do I have to approve two notifications? | No. Signing in to your Microsoft account using your phone also counts as two-step verification, so there is no second approval required. |
| What if I lose my phone or don’t have it with me? How do I access my account? | You can always select the Use a password instead link on the sign-in page to switch back to using your password. However, if you use two-step verification you’ll still need to use a second method to verify your identity. Important We strongly encourage you to make sure you have more than one, up-to-date, verification method associated with your account. You can manage your verification methods for personal accounts from your Security settings page. For work or school accounts, you can go to your organization’s Additional security verification page or the Keep your account secure page if your administrator has turned on security info. For more information about security info, see Security info (preview) overview. If you’re unable to manage your verification methods, you must contact your administrator. |
| How do I stop using this feature and go back to using my password? | For personal accounts, select the Use a password instead link during sign in. Your most recent choice is remembered and offered by default the next time you sign in. If you ever want to go back to using phone sign-in, select the Use an app instead link during sign in. For work or school accounts, you must either unregister the device from the Settings page of the Microsoft Authenticator app, or disable the device from the Devices & activity area of your profile. For more information about disabling your device from your profile, see Update your profile and account info from the My Apps portal. |
| Why can’t I use more than one work or school account for phone sign-in? | A phone must be registered to a single work or school account. If you want to turn on phone sign-in for a different work or school account, you must unregister your account from this device through the Settings page. |
| Can I sign in to my computer using my phone? | For your computer, we recommend signing in using Windows Hello on Windows 10. Windows Hello lets you use your face, fingerprint, or PIN to sign in. |
Authenticator App Mfa
Next steps
If you're having trouble getting your verification code for your personal Microsoft account, see the Troubleshooting verification code issues section of the Microsoft account security info & verification codes article.
If you have more general questions about the app, see the Microsoft Authenticator FAQs
If you want more information about two-step verification, see Set up my account for two-step verification
If you want more information about security info, see Security info (preview) overview