Use Microsoft Authenticator for easy, secure sign-ins for all your online accounts using multi-factor authentication, passwordless, or password autofill. You also have additional account management options for your Microsoft personal, work or school accounts.
Multi-factor authentication (MFA) or two-factor authentication (2FA) adds an extra layer of security to your accounts. With MFA, after entering your password, you will be prompted to provide another form of verification, such as a one-time password (OTP) generated by an app or a notification sent to your phone. This helps ensure that it is really you trying to access your account. The OTP codes have a 30-second timer and do not require an internet connection or drain your battery. You can use the Microsoft Authenticator app to store multiple accounts, including non-Microsoft ones like Facebook and Google.
With passwordless login, you can use your phone instead of a password to access your Microsoft account. After entering your username, you will receive a notification on your phone to approve the login. You can also use your fingerprint, face ID, or PIN as a second form of verification. Once you have successfully logged in with 2FA, you will have access to all Microsoft products and services.
The Microsoft Authenticator app also has an autofill feature for passwords. By signing in with your personal Microsoft account, you can sync your passwords from Microsoft Edge and make the app your default autofill provider. Your passwords are protected with MFA, so you will need to verify your identity with your fingerprint, face ID, or PIN to access and autofill passwords on your phone. You can also import passwords from other password managers.
If you have a work or school account, your organization may require you to use the Microsoft Authenticator app to access certain files, emails, or apps. You can register your device and add your work or school account to the app. The app also supports cert-based authentication, which allows your organization to trust your device and grant you access to Microsoft apps and services without having to log in multiple times.
The Microsoft Authenticator app may request optional access permissions, such as accessibility service, location, camera, and access to your storage. These permissions are only used with your consent and are not required for the app to function. For more information, you can visit the app's FAQ page.
Getting started with multi-factor authentication
Multi factor authentication (MFA) or two factor authentication (2FA) provides a second layer of security. When logging in with multi-factor authentication, you’ll enter your password, and then you’ll be asked for an additional way to prove it’s really you. Either approve the notification sent to the Microsoft Authenticator, or enter the one-time password (OTP) generated by the app. The one-time passwords (OTP codes) have a 30 second timer counting down. This timer is so you never have to use the same time-based one-time password (TOTP) twice and you don’t have to remember the number. The one-time password (OTP) doesn’t require you to be connected to a network, and it won’t drain your battery. You can add multiple accounts to your app, including non-Microsoft accounts like Facebook, Amazon, Dropbox, Google, LinkedIn, GitHub, and more.
Getting started with passwordless
Use your phone, not your password, to log into your Microsoft account. Just enter your username, then approve the notification sent to your phone. Your fingerprint, face ID, or PIN will provide a second layer of security in this two-step verification process. After you’ve signed in with two factor authentication (2FA), you’ll have access to all your Microsoft products and services, such as Outlook, OneDrive, Office, and more.
Getting started with autofill
Microsoft Authenticator app can also autofill passwords for you. Sign-in on the Passwords tab inside the Authenticator app with your personal Microsoft account to start syncing passwords, including the passwords saved in Microsoft Edge. Make Microsoft Authenticator the default autofill provider and start autofilling passwords on apps and sites you visit on your mobile. Your passwords are protected with multi-factor authentication in the app. You will need to prove yourself with your fingerprint, face ID, or PIN to access and autofill passwords on your mobile. You can also import passwords from Google Chrome and other password managers.
Microsoft personal, work or school accounts
Sometimes your work or school might ask you to install the Microsoft Authenticator when accessing certain files, emails, or apps. You will need to register your device to your organization through the app and add your work or school account. Microsoft Authenticator also supports cert-based authentication by issuing a certificate on your device. This will let your organization know that the sign-in request is coming from a trusted device and help you seamlessly and securely access additional Microsoft apps and services without needing to log into each. Because Microsoft Authenticator supports single sign-on, once you have proven your identity once, you will not need to log in again to other Microsoft apps on your device.
Optional Access permissions:
Microsoft Authenticator includes the following optional access permissions. All these require user consent. If you choose to not grant these optional access permissions, you can still use Microsoft Authenticator for other services that do not require such permission. For more information see https://aka.ms/authappfaq
Accessibility Service: Used to optionally support Autofill on more apps and sites.
Location: Sometimes your organization wants to know your location before allowing you to access certain resources. The app will request this permission only if your organization has a policy requiring location.
Camera: Used to scan QR codes when you add a work, school, or non-Microsoft account.
Read the contents of your storage: This permission is only used when you report a technical problem through the app settings. Some information from your storage is collected to diagnose the issue.