Microsoft Authenticator is another two factor authentication app that you can use to secure your online accounts. It’s fairly straightforward to setup and can backup easily to the cloud.
To set up Microsoft Authenticator, first install the app from the app store. Then link it to your online accounts as your two factor authentication app, following the instructions specific to each platform. Finally, backup Microsoft Authenticator to the cloud in case you lose access to your phone.
If you been following my recent videos you’ll know I use Authy for two-factor authentication. However, I know many iPhone owners prefer the Microsoft Authenticator app because it backs up directly to iCloud.
This is useful because it means you’re not caught out when it comes time to upgrade or replace your iPhone. You can simply restore your linked 2FA accounts from iCloud to your new phone and away you go.
In a sense, it weirdly makes a Microsoft app perhaps the most practical 2FA solution for Apple users.
How use Microsoft Authenticator and back it up to iCloud
First, download the app as per normal from the App Store.
Upon opening the app you’ll need to agree to the privacy statement, which basically states Microsoft will be collecting diagnostic data but nothing sensitive. You can turn this off later.
Having agreed to the privacy statement we’re then presented with the option to sign into Microsoft or restore our 2FA linked accounts from backup.
You would use this second option if you are replacing your phone and reinstalling the app. I’ll demonstrate that process at the end of the article, however, for now, I’ll skip this page and assume we’re using the app for the first time.
Having clicked Skip, we’re now presented with the main screen where we can add our first account.
For this demonstration, I’ll enable Two Factor Authentication on Wilson’s Facebook account.
Many online services now offer 2FA and some even employ it as default. On Facebook, you can find the option to enable 2FA under Security and Login.
We’ll click on Edit followed by use Authentication App. We’re then presented with a QR code which is the standard method of linking your account to your 2FA app.
We’ll click on Add account and because this is the first account we’re adding, the app wants us to confirm we’re not an existing user needing to restore from backup. I’ll click continue and we’re then prompted to choose the type of account we’re adding.
Click Other and allow the app to use your camera so we can scan the QR code. Having scanned the code on Wilson’s Facebook page the last step to complete the process is to enter the 6 digit number.
And there we have it, we’ve set up two-factor authentication on Facebook. From here on in, when Wilson logs in he’ll be asked for his username, password, and the 6 digit code displayed in the app.
If we take a look at Settings we have several options and, because we skipped logging on to Microsoft during the setup process, the first option is to back up our account.
This is something you should enable because, essentially, if you lose access to these codes, without a backup you’ll lose access to all your accounts.
By clicking on the option, the app will attempt to access iDrive in your iCloud account. Here I receive an error because my iDrive is not enabled, so I’ll go into settings and turn it on.
With iDrive turned on I now need to provide a Microsoft account. Using a Microsoft account is a requirement so, if you don’t have one you’ll need to create one.
I’ll add Wilson’s Microsoft details and we will receive a confirmation that our linked accounts are now being backed up. If we ever need to recover the account we just need to provide the same Microsoft account details.
Also within Settings, you can choose to opt-out of Microsoft collecting diagnostic data and we can enable or disable App lock.
App lock is an additional security feature that requires a pin code or face-unlock to open the app each time you use it.
The next section is only applicable to you if you want to use Microsoft to store all your account details and then use the app to autofill your credentials instead of using apple’s keychain or an alternative app, such as a password manager.
If this is something you want to implement, back on the main screen click on Passwords and click on Sync with your email address. We then need to go into our Apple Settings app, choose Passwords, and change Autofill to use the Authenticator App.
Each of the linked accounts has its own settings icon, which is where we can change the display name for the account and delete the link altogether. However, be sure to disable Two Factor Authentication on the linked account before deleting anything within the App.
Finally, I’ll demonstrate how easy it is to recover your account should you delete the app or, as is more likely, you get a new phone.
How to restore Microsoft Authenticator accounts
To do this I’ll delete and reinstall my Authenticator app. Upon downloading and re-opening the app, rather than skip this section I now click on Restore From Backup.
I’m then asked for account credentials and the app offers the account I previously used to back up to my iCloud. I’ll click this, enter the associated password and that’s it, my account links are all restored.
And that is how to use Microsoft Authenticator. Hope this guide was helpful. For more tips like this, please check out my Youtube playlist of Internet Security Apps. See you there!
P.S.
Facts of Apps
- Microsoft Authenticator was initially launched in 2016.
- As of this writing, it has an average of 4.8 out of 5 star reviews in the Apple app store with over 120,000+ ratings. In the Google Play store, it has an average of 4.7 out of 5 star reviews with over 670,000+ ratings.
- Starting March 2021, Microsoft started rolling out passwordless logins to their operating system. Users needs to have Microsoft Authenticator linked to their accounts. However, at this time, this is only for enterprise users.
- Aside from enabling 2FA via the Microsoft Authenticator app, if you also enabled 2FA via SMS, then theoretically a potential hacker can still bypass your authenticator app. Better to turn off SMS-based 2FA completely.
