Official path
Security tab → Manage how I sign in → Add a new way to sign in or verify → Use an app → Two-step verification Before you start
- Sign in on a trusted browser before you change sign-in methods.
- Know whether you are working with a personal account or a work and school account.
- Keep a secure place for the 25-character recovery code.
Setup steps
- 01
Open sign-in management
Go to account.microsoft.com/security, then open Manage how I sign in from the Microsoft account Security tab.
- 02
Add an authenticator app
Choose Add a new way to sign in or verify, then Use an app. If needed, choose Set up a different Authenticator app and click Next.
- 03
Scan or enter the code
On the phone, use Microsoft Authenticator and select Personal account, then Scan a QR Code. If scanning fails, use I can't scan the bar code and Enter code manually.
- 04
Turn on verification
Complete the prompt so the app becomes an enabled sign-in method, then generate and store the recovery code.
Recovery and backup
Find the recovery code section
In Manage how I sign in, scroll to Recovery code and choose Generate a new code.
Store a fresh copy
Print or write down the 25-character code and keep it separate from the device used to sign in.
Use other sign-in options
If the app is missing, open Other ways to sign in and choose the recovery path Microsoft shows on the sign-in screen.
Common problems
Single recovery code
Microsoft personal accounts use one recovery code, not a list of backup codes.
Old code invalidation
Generating a new recovery code immediately invalidates the old one.
Security info delays
Changing security info can trigger a 30-day wait and lock you out if you do not keep multiple recovery methods.