How to better secure Windows 11 and go passwordless using Microsoft Authenticator

Reading time icon 4 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

In order to better secure Windows 11, it’s best to download and install Microsoft Authenticator on your Android or iOS device. Microsoft Authenticator can remember all of your passwords for you, eliminating the need for you to remember them.

If you use Microsoft Authenticator, you can even sign into your Microsoft account without using a password at all. If you want to make a more secure Windows 11, follow this guide.

Secure Windows 11 using Microsoft Authenticator

For security, the Microsoft Authenticator app can use a fingerprint, face recognition, or a PIN. And don’t worry if you forget your PIN, your password will still work if you need to sign into your Microsoft account.

If you need even more security, you can require a password to use along with a fingerprint, face recognition, or PIN. This is called two-step verification. For personal Microsoft accounts, you can turn two-step verification on and off and reset your password.

For a work or school account, your IT administrator will decide if your organization will use two-step verification, and there may be additional registration steps required.

The Microsoft Authenticator also supports the industry standard for time-based, one-time passcodes, also known as TOTP or OTP. As a result, you can add any online account that supports this standard to the Microsoft Authenticator app.

Two-step verification is more secure than just using your password. Two-step verification requires something you know (a Microsoft Authenticator code) plus something you have (your Android or iOS device). Two-step verification makes it much harder for hackers to gain access.

Turn on two-step verification

Regardless of which mobile device you use, you need to turn on two-step verification on your Microsoft account first. Here’s what to do.

1. Go to the Security basics page of your Microsoft personal account

2. Go to Advanced security options and click Get startedsecure windows 11
3. Go to Additional security and click Turn on next to Two-step verification. Alternatively, you can also manage Two-step verification by clicking Manage at the top of the page.

4. From here, you will see a “Set up two-step verification” setup screen, click Next.

5. Follow the “Set up your smart phone with an app password” instructions as shown on your Android or iPhone. When you are finished, click Next.

At the final screen, you will see apps that may require an app password. You can set up app passwords and devices for these apps now or later. However, without an app password, these apps might not function properly until you do.

If you run into any problems where you can’t use security codes, try these steps for using app passwords with apps that don’t support two-step verification.

6. Click Finish to complete the two-step verification setup process. Now that two-step verification is turned on, you’ll get a security code sent to the Microsoft Authenticator app on your phone every time you sign in on a device that you isn’t trusted.

When two-step verification is turned off, you will need to verify your identity with security codes periodically, when they might be a risk to your Microsoft account security.

Another way you can have a more secure Windows 11 is by going passwordless on your Microsoft Account.

Go passwordless

Once you have Microsoft Authenticator two-step verification turned on, you can decide to go passwordless on your Microsoft account. Going passwordless on your Microsoft account is pretty straightforward, but here’s a refresher just in case.

1. Go to the Advanced Security page of your Microsoft account

2. Under Additional security, click Turn on under “Passwordless account”
secure windows 11

3. A window will pop up that you want to go passwordless on your Microsoft account, click Next to set it up.

4. Open Microsoft Authenticator on your Android or iOS device to approve the request. On your browser, you should see a screen like this one, waiting for you to approve (or deny) the request on your phone.

5. Once you approve the Microsoft Authenticator request on your phone, you will see the following confirmation on your browser.

Now that your password is removed, you can approve (or deny) access requests using Microsoft Authenticator on your Android or iOS device.

Microsoft provides help for common problems with two-step verification for work and school accounts, but those issues depend on what your organization decides is best.

Still using Windows 10? Don’t worry, you can set up two-step verification too. Microsoft announced that account switching is coming to Microsoft 365 web apps and recently added the ability to generate strong passwords with Microsoft Authenticator to make everyone’s life easier.

Do you have a better suggestion to better secure Windows 11? Let us know in the comments!

Microsoft Authenticator
Microsoft Authenticator