Setting up Two-Factor Authentication for your Google account AND Microsoft account
Sponsored By
I use Two-Factor Authentication for my Google Apps account and I use the Google Authenticator application on my iPhone to generate the second factor.
Microsoft Accounts (formerly Live Accounts) just launched Two-Factor Auth and you should set it up now. That means SkyDrive, Outlook.com/Hotmail as well as the Windows Azure Dashboard can now be fronted by two-factor auth.
If you already use two-factor for Google, you can ADD your Microsoft account to the Google Authenticator application on your Android or iPhone. That means I can use one Authenticator application for all accounts which is extremely convenient.
The process for setting up two step authentication on a Microsoft account is:
- Get an Authenticator app.
- If you have a Windows Phone, use the Authenticator app.
- For Android, use the Google Authenticator.
- For iOS, use the Google Authenticator.
- Head over to https://account.live.com/proofs/Manage and login to your Microsoft account.
- Run your Authenticator app and scan the barcode with your phone's camera
- Enter the number you're given and click Pair.
PRO TIP: If you have two factor auth turned on for BOTH Microsoft Accounts and Google Accounts, make sure you click Edit and change the display name of your accounts so you can tell them apart! I appended [MS] and [GOOG].
You can also set this up and use the same app for Dropbox, LastPass and more sites every day.
The process for Google is similar. Get the app installed, and go to the Google 2-step verification page. I've been running two-step since it came out and the annoyance is minor compared to the comfort of a little extra security.
Note that some apps (like the mail app on your phone) may not support two-factor auth, so you'll need to create an application-specific password for those apps. It's a one-time password just for the apps that need them and you can revoke those passwords anytime.
- For Microsoft accounts, generate App Passwords here.
- For Google accounts, generate Application-specific passwords here.
Have fun and be secure!
About Scott
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.
About Newsletter
Hosting By
yep, exactly. Just click the "i can't see the bar code" and it will reveal the key that sets up the account. Google has a similar process for their setup as well.
Great article Scott. Thanks for the tip!
I had some trouble editing the names in the Google Authenticator app, but it eventually worked.
I had some trouble editing the names in the Google Authenticator app, but it eventually worked.
Good as this news is, I can't help but wish they had enabled yubikey authentication which I currently use. I see a yubikey as being far more resilient than a phone and more convenient to carry around, and less likely to be stolen.
Dafydd - I see two problems with that. Microsoft doesn't make the yubikey, but they do a mobile phone os. Second, since yubikey is a usb device, it would not work with phones, tablets or other devices without a usb port.
Try out Duo Mobile instead of Google Authenticator. Pretty icons, better user experience, easier to rename accounts, etc.
http://guide.duosecurity.com/third-party-accounts
Download for: iPhone, Android
(Disclaimer: I work for Duo.)
http://guide.duosecurity.com/third-party-accounts
Download for: iPhone, Android
(Disclaimer: I work for Duo.)
The new Outlook.com app for Android doesn't seem to be playing well with 2-factor authentication at the moment. Just configured it all and after putting in the code from Google Authenticator it sends me to an authorization screen and granting permissions there throws up an error "Authentication failed." Wondering if anyone else is having the issue.
For BlackBerry 10, there's Authomator. Same functionality as the other auth apps, and looks good too! I have a few accounts running 2-factor auth via this app.
It works in reverse also. I have a windows phone which has the Microsoft Authenticator App. I can now use that for both Windows Live, and Google. Just FYI.
@Dan -- Did you generate an app password for the Outlook Android app once you enabled Two-Factor Auth?
Adam, the new yubikey supports RFID, designed for the new breed of phone. Also yubikey is opensource, MS can see how secure, or not it is, and contribute.
Great! I used Facebook two-factor athentication with a text message I never got. But hopefully this solution will work good.
Another pro tip: Note that if you added a Google and Microsoft account like I (and Scott) did and you the edit button doesn't work if you want to add [GOOG] and [MS] you might need to delete one or the other for it to function properly.
@RobIII
No need to delete in iOS, just click 'Legal Information' first, then try 'Edit' again.
See https://twitter.com/leftside/statuses/161128520620318723
No need to delete in iOS, just click 'Legal Information' first, then try 'Edit' again.
See https://twitter.com/leftside/statuses/161128520620318723
Hello all,
If, like me, you use Google Authenticator and you use your Gmail address as your MS log in, scanning the MS QR code will overwrite the your Google account authentication settings.
Instead you need to add the account manually ("Enter Key Provided") rather than scanning the QR code!
Hopefully this will save someone some pain!
P.
If, like me, you use Google Authenticator and you use your Gmail address as your MS log in, scanning the MS QR code will overwrite the your Google account authentication settings.
Instead you need to add the account manually ("Enter Key Provided") rather than scanning the QR code!
Hopefully this will save someone some pain!
P.
Hi all, after setting up 2 factor auth my Sky Drive app started failing on iOS. It just would not accept my password. It turns out that Sky Drive on iOS does not support 2 factor auth so you have to create an app password for it (look at the bottom of Scott's post about generating app passwords). You then enter the app password into the password field, not your original password, and hey presto, we're in.
Hope this helps others because my phone almost became a Frizbee over this ;-)
Hope this helps others because my phone almost became a Frizbee over this ;-)
Am I missing something or it is not possible to add multiple accounts to the Google Authenticator app on Android?
Actually, I was using the gmail address as my MS login. Thanks for the tip Paul!
If you are like me and have more than one device you can setup Google Authenticator on multiple devices as long as you scan the barcode at the same time. So put all your device side by side, generate the barcode and scan it in for each device. You can't do it after the fact.
Here is how to use a YubiKey with Gmail ('Google’s 2 step verification'); I would be if it did not work with Microsoft's implementation as well.
Hi.
Is possible to link other MS account to MS account with 2way auth ? if yes how. i cant do that :/ by this link ..://
https://account.live.com/AddLink.aspx
Is possible to link other MS account to MS account with 2way auth ? if yes how. i cant do that :/ by this link ..://
https://account.live.com/AddLink.aspx
I set up 2-factor Auth yesterday on my home PC. Logging into Azure today on a different PC and it does not ask for a code. It just accepts a password and logs in.
*** one BIG problem ***
If you have two account with different providers that have the same login ID then the second addition will overwrite the first.
I have an MS account that uses my gmail address as the login. Scanning the MS QR in GAuthenticator replaced the existing GAccount! The secret behind the Authenticator item is different. So it fails against G.
So, it is very IMPORTANT that if you have this situation then rename your the Authenticator item for Google _first_. Then add the MS (or other provider) account. Then rename it.
It you manage to fubar your Authenticator you can re-add the G account by going to "2-step verification" settings in your G account and use the "Move to different phone" option. A bit scary but it will present you with a QR code to rescan into the same phone.
Hope this helps someone.
--A
If you have two account with different providers that have the same login ID then the second addition will overwrite the first.
I have an MS account that uses my gmail address as the login. Scanning the MS QR in GAuthenticator replaced the existing GAccount! The secret behind the Authenticator item is different. So it fails against G.
So, it is very IMPORTANT that if you have this situation then rename your the Authenticator item for Google _first_. Then add the MS (or other provider) account. Then rename it.
It you manage to fubar your Authenticator you can re-add the G account by going to "2-step verification" settings in your G account and use the "Move to different phone" option. A bit scary but it will present you with a QR code to rescan into the same phone.
Hope this helps someone.
--A
Thank you very much Scott,
this is a very great feature. At first I had a tricky problem:
I used my gmail address as primary account address for my microsoft account too. After I was scanning the QR-Code for Microsoft 2-Step authentication, Google Authenticator on my droid did simply override the 2-STEP authentication from google with microsoft.
I had to reset the Google Authenticator on my droid again by visiting: https://accounts.google.com/b/0/SmsAuthSettings
After that, I changed my primary email address in my Microsoft account, by visiting: https://account.live.com/ChangeId.aspx
Finally after creating an extra [MyName]@live.at email account, everything worked fine with 2 different authentication accounts stored in Google Authenticator on my droid!
Kind regards, Heinrich Elsigan.
this is a very great feature. At first I had a tricky problem:
I used my gmail address as primary account address for my microsoft account too. After I was scanning the QR-Code for Microsoft 2-Step authentication, Google Authenticator on my droid did simply override the 2-STEP authentication from google with microsoft.
I had to reset the Google Authenticator on my droid again by visiting: https://accounts.google.com/b/0/SmsAuthSettings
After that, I changed my primary email address in my Microsoft account, by visiting: https://account.live.com/ChangeId.aspx
Finally after creating an extra [MyName]@live.at email account, everything worked fine with 2 different authentication accounts stored in Google Authenticator on my droid!
Kind regards, Heinrich Elsigan.
one more thing comes to my mind, auth code via sms always fails to deliver, this is way better in practical ;)
Two factor authentication is great. Thanks for the Google Authenticator tip. I was using the Authenticator app on my Windows Phone, but needed something for iPhone to work with SkyDrive.
I recently started using the authenticator app on my iphone to get into my msn hotmail. Until a few days ago, I had an update for the app which I updated. Now it has completely changed to what I know and I don't understand how to use this or even get the code to sign in, which also means I can't access my account. What can I do to get into my account or even take of the verification security just for now?
If you have Blackberry 10 devices, use the built-for-blackberry "Authomator" app. It supports Google, Microsoft, and Facebook authentication codes and can scan barcodes.
This stuff assumes that you have a phone, and that it's on a network that works everywhere in the world you might want to access your email account. For people who travel a lot, it's unworkable.
Ron - Actually, no, the Authenticator apps don't require ANY network access once they are set up. I use them all over the world, even in Airplane mode.
One of the most annoying things about microsoft 2 factor authentication is it ALWAYS refuses to work with my google authenticator. It did work for a while but not matter how many times I pair it using either method (scan or number) then it simply refuses to recognise the number my authenticator generates.
I have had to turn it off which I don't like.
I have no idea who to complain to so I'm ranting in this old (really good) post. I can't be the only one surely ?
I have had to turn it off which I don't like.
I have no idea who to complain to so I'm ranting in this old (really good) post. I can't be the only one surely ?
Comments are closed.
I would also add that Dropbox added 2-factor a few months back, which also works with these standard authenticator apps and there is a cool article on how to add it to your own Asp.Net app here http://www.codeproject.com/Articles/403355/Implementing-Two-Factor-Authentication-in-ASP-NET
Finally, back up your code to a physical medium! Print it out and put it in your safe or some other physically secure place. You may lose your phone, do a factory reset, have multiple phones that you want your authenticator on...lots of scenarios like that. It's good to have, even though most systems do have at least one failsafe built in for you to recover your account.