Here in the identity division at Microsoft, we don’t like passwords any more than you do! So we’ve been hard at work creating a modern way to sign in that doesn’t require upper and lowercase letters, numbers, a special character, and your favorite emoji. And after a soft launch last month, we’re excited to announce the GA our newest sign-in feature: phone sign-in for Microsoft accounts!
With phone sign-in, we’re shifting the security burden from your memory to your device. Just add your account to the Android or iOS Microsoft Authenticator app, then enter your username as usual when signing in somewhere new. Instead of entering your password, you’ll get a notification on your phone. Unlock your phone, tap “Approve”, and you’re in.
This process is easier than standard two-step verification and significantly more secure than only a password, which can be forgotten, phished, or compromised. Using your phone to sign in with PIN or fingerprint is a seamless way to incorporate two account “proofs” in a way that feels natural and familiar.
Here’s how you set it up:
- If you already use the Microsoft Authenticator for your personal account, select the dropdown button on your account tile, and choose Enable phone sign-in.
- If you are adding a new account on an Android phone, we’ll automatically prompt you to set it up.
- If you are adding a new account on an iPhone, and we’ll automatically set it up for you by default.
Then just try it out! The next time you sign in, we’ll send a notification to your phone. That’s it!
Note: A link at the bottom of the confirmation page lets you choose to use a password instead if your phone isn’t handy, or you can switch back from your password to the Microsoft Authenticator. Either way, we’ll remember your preferences next time you sign in.
Using a device to sign in is new to you, and it’s new to us, too. We want to make sure we get it right, so we want to hear from you. Use the Microsoft Authenticator forum to offer suggestions, ask questions, and engage with our support team and other fans of account security. And as always, keep an eye on this blog for news about improvements and new features.
We look forward to hearing from you!
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division
[Update 4/18/17 3:08pm Pacific: A few people have asked if this works with Windows Phone version Microsoft Authenticator. This app is designed for iOS and Android. We work directly with the Windows on native integration of rich authentication experiences within Windows and Windows roadmap is communicated separately.]
[Update 4/10/2017 1:24pm Pacific: We’ve received quite a few questions about whether or not this approach qualifies as “two factor authentication”. We believe it definitely is two factor, but there are quite a few different interpretations of what actually constitutes two factor authentication. We think of it like this: The mobile device is the first factor (something you have). The pin or fingerprint you create on the device is a second factor (something you know or are). Each sign-in session requires both of these. Thus we see this as two factor authentication.]