How to enable TOTP-based 2FA on a Microsoft account

Choosing a 2-factor authentication app

TOTP-based authentication is a standardized system, so there are different options to choose from:

| App | Platforms | Has sync? | Open source? | Notes |
|---|---|---|---|---|
| Authy | Windows, macOS, Linux, Ubuntu, Android, iOS | | | Requires Snap on Linux. Has vendor lock-in: it will not show you your codes. Has better restore functionality than other apps |
| Aegis | Android | | | Sync is via cloud storage API |
| WinAuth | Windows | | | |
| Raivo | iOS, iPadOS | | | Sync is via iCloud |
| TOTP.app | Web | | | Stored in browser cookies |
| oathtool | Linux, Debian, Ubuntu, Fedora, CentOS, Archlinux | | | Advanced |
| pass-otp | Linux, Ubuntu, Debian, Fedora, Archlinux | | | Advanced |

| App to avoid | Reason |
|---|---|
| ❌ Google Authenticator | Bad vendor lock-in, no sync |
| ❌ Microsoft Authenticator | Bad vendor lock-in, very buggy |

After you have chosen an app

Before starting, consider performing a malware checkup and browser checkup procedure, so that any existing compromise on your PC cannot steal authentication info.

In this example, we will use Authy. Log in to your account by visiting account.microsoft.com, or search the web for "login to microsoft account".

Scroll down and click Security.

Scroll down and click Two step verification - Turn on.

Click Next.

Click "set up a different Authenticator app" to avoid the dark pattern.

Why? The Microsoft Authenticator app is buggy and has vendor lock-in that prevents you from easily switching to other services.

Go to your authenticator app and create a new entry. In this example we are using Authy.

Scan the QR code, or type in the code it generates.

Tip: You can copy this QR code or the text for later reference, and you can add the code to multiple different apps for redundancy.

Give it a name and an icon (optional) and set the token length to 6-digit. Click Save.

Copy the 6-digit code it generates into the Microsoft website to verify that it is working properly. Click Next.

You are done! Make a paper backup of your backup codes if you wish.


© lordpipe

Licensed CC BY — copy this document for your own use.