How-to Guides

How to Use Microsoft Authenticator in 2026: Setup, 2FA & Passkeys

Aditya Singh
How to Use Microsoft Authenticator for Secure Logins

To use Microsoft Authenticator, install the free app on your phone, sign in with your Microsoft account, and tap the + button to add accounts — either by approving a push notification for your Microsoft sign-ins or by scanning a QR code to generate 6-digit codes for Google, Facebook, Amazon, and almost any other service. The app handles two-factor authentication (2FA), passwordless phone sign-in, and passkeys, all in one place and for free.

One important change to know in 2026: Microsoft retired the built-in password manager and autofill features in mid-2025. Authenticator is now a dedicated authentication app — your saved passwords moved to Microsoft Edge. We cover exactly what that means for you below.

In a hurry? Jump to: Set it up · Add any account · Passwordless sign-in · Passkeys · The 2025 password change · Alternatives · FAQ

What Microsoft Authenticator Actually Does

Microsoft Authenticator is a free security app for Android and iPhone that protects your online accounts with a second verification step beyond your password. Even if someone steals your password, they can't sign in without the code or approval on your phone.

As of 2026, the app focuses on four jobs:

  • Push approvals: For Microsoft, work, and school accounts, you simply tap “Approve” on a notification instead of typing a code.
  • Time-based codes (TOTP): Standard 6-digit, 30-second codes for non-Microsoft accounts like Google, Amazon, GitHub, Instagram, and X.
  • Passwordless phone sign-in: Log into your Microsoft account with your phone and a fingerprint or face scan — no password at all.
  • Passkeys: Store phishing-resistant FIDO2 passkeys for compatible Microsoft Entra (work/school) accounts.

A common myth is that authenticator apps are only for IT pros. They're not. Setting one up takes about two minutes, and it's one of the single most effective things you can do to protect your accounts.

How to Set Up Microsoft Authenticator (Step by Step)

The setup flow is nearly identical on Android and iPhone.

Step 1: Download and install the app

Installing the Microsoft Authenticator app from the app store

Download Microsoft Authenticator from your device's app store — it's free with no ads. On Android, get it from the Google Play Store. On iPhone or iPad, get it from the Apple App Store. Open the app and accept the privacy prompts.

Step 2: Sign in with your Microsoft account

Signing in to the Microsoft Authenticator app

Tap Add account, choose Personal account (or Work or school account), and sign in with your Microsoft credentials. This registers the app as a trusted device. If your account already has 2FA enabled, you'll be asked to verify once — usually by email or text — to finish linking.

Step 3: Turn on cloud backup (don't skip this)

Adding an account and enabling backup in Microsoft Authenticator

Open the app's Settings and enable Cloud backup (called iCloud Backup on iPhone). This is the step most people miss — and the one that saves you if you lose or replace your phone. Backup links your account credentials to your Microsoft account so you can restore them on a new device. Without it, you may have to re-add every account manually.

How to Add Any Account (Google, Facebook, Amazon & More)

Microsoft Authenticator isn't just for Microsoft. Because it follows the open TOTP standard, it works with almost any service that supports authenticator apps. Here's how to add one:

  1. On the website or app you want to protect (for example, Google or Instagram), open Security or 2-Step Verification settings and choose Authenticator app as your method. A QR code will appear on screen.
  2. In Microsoft Authenticator, tap the + icon in the top corner.
  3. Select Other account (Google, Facebook, etc.).
  4. Point your camera at the QR code to scan it. If you can't scan, tap Enter code manually and type the setup key the service provides.
  5. The account appears in your list with a rolling 6-digit code. Enter the current code on the website to confirm, and you're done.

From then on, whenever that service asks for a verification code, just open Authenticator and type the number shown. Each code refreshes every 30 seconds.

Also Read: Google Chrome's Biggest Security Update: What 429 Fixes Mean for You

How to Use Passwordless Phone Sign-In

Passwordless sign-in is one of Authenticator's best features: you log into your Microsoft account using only your phone and a biometric, with no password to type or remember.

To enable it, open Authenticator, tap your Microsoft account, and select Enable phone sign-in. After that, when you sign in to Outlook, Microsoft 365, Xbox, or any Microsoft service, instead of asking for a password the screen shows a two-digit number. You open the notification on your phone, tap the matching number, and confirm with your fingerprint or face. That number-matching step is a deliberate anti-fraud measure — it stops you from blindly approving a request a hacker triggered.

How to Use Passkeys in Microsoft Authenticator

Passkeys are the most phishing-resistant option Authenticator offers. A passkey replaces your password entirely with a cryptographic key tied to your device and unlocked by your biometrics. There's nothing to phish, guess, or reuse.

To register a passkey, your device needs iOS 17 or later or Android 14 or later, and you must have a screen lock (PIN, fingerprint, or face) enabled. The fastest method is to open Authenticator, tap your account, and choose Create a passkey, then complete the multi-factor prompt. You can also add one from your phone's browser through your account's Security info page by selecting Add sign-in method → Passkey in Microsoft Authenticator.

Note that full passkey support is strongest for Microsoft Entra ID (work and school) accounts. If your organization uses passkeys, keep Authenticator set as your passkey provider in your phone's settings — disabling it there will turn those passkeys off.

Important: The 2025 Password Manager Change

If you used Microsoft Authenticator to save and autofill passwords, that feature is gone. In 2025 Microsoft retired the password manager and autofill built into the app, on this timeline:

WhenWhat changed
May 2025In-app notices warned users of the upcoming change.
June 2025You could no longer add or import new passwords in the app.
July 2025Autofill from Authenticator stopped working.
Mid-August 2025Saved passwords and addresses became inaccessible inside the app.

Your passwords weren't deleted. They were synced to your Microsoft account and are now managed in Microsoft Edge (Edge Settings → Passwords), available on every device where you sign in to Edge. Saved payment details, however, were removed for security and need to be re-entered. If you'd rather not use Edge, you can export your passwords and switch to Google Password Manager, iCloud Keychain, or a dedicated password manager, then set that as your phone's default autofill provider.

The takeaway: in 2026, treat Microsoft Authenticator purely as a 2FA, passkey, and passwordless app — not a password vault.

Why Two-Factor Authentication Is Worth It

Passwords alone are weak. They get reused, leaked in breaches, and phished. Two-factor authentication adds a second proof — something you physically have, your phone — so a stolen password isn't enough to break in. The codes Authenticator generates are valid for only about 30 seconds and never travel over SMS, which sidesteps the SIM-swap and text-interception attacks that plague text-message 2FA.

That's why security experts recommend an authenticator app over SMS codes for any account that matters: email, banking, social media, and cloud storage. If you're hardening your phone overall, pairing 2FA with a trustworthy VPN and a secure browser is a smart move.

Related reading on AndroidHire:

Microsoft Authenticator Alternatives in 2026

Microsoft Authenticator is excellent and free, but it isn't the only option. Here are the strongest alternatives this year and who each is best for. Note that Authy's desktop apps were discontinued in 2024 and its mobile app is now in maintenance mode, so we no longer recommend it as a first choice for new users.

AppPlatformsCloud backup / syncOpen sourceBest for
Microsoft AuthenticatorAndroid, iOSYes (Microsoft account / iCloud)NoMicrosoft users and passwordless sign-in
Google AuthenticatorAndroid, iOSYes (Google account)NoGoogle-centric users who want simplicity
2FASAndroid, iOS, browserYes (iCloud / Google Drive)YesCross-device sync without phone-number lock-in
Ente AuthAndroid, iOS, desktop, webYes (end-to-end encrypted)YesPrivacy-first multi-device sync
Aegis (Android) / Raivo (iOS)Android / iOSLocal + encrypted exportYesPeople who want codes that never leave the device
1PasswordAll major platformsYes (encrypted)NoKeeping logins and 2FA codes together (paid)

Our pick if you leave Microsoft Authenticator

For most people who want an independent, free authenticator with painless multi-device sync, we'd point you to 2FAS or Ente Auth rather than Authy. Both are open-source, support a desktop or browser companion, and don't require a phone number to set up. If you already pay for a password manager like 1Password, using its built-in authenticator keeps everything in one encrypted place.

How We Tested

We installed the latest version of Microsoft Authenticator on both Android and iPhone and walked through the full setup: linking a personal Microsoft account, enabling cloud backup, adding non-Microsoft TOTP accounts via QR code, turning on passwordless phone sign-in, and registering a passkey. We compared the experience against Google Authenticator, 2FAS, and Ente Auth, and we verified the 2025 password-manager retirement and the current passkey requirements directly against Microsoft's official support and Entra documentation. Where exact figures could change, we describe behavior qualitatively rather than guessing.

Bottom Line

In 2026, Microsoft Authenticator is a top-tier, free 2FA app — especially if you live in the Microsoft ecosystem and want passwordless sign-in and passkeys. Set it up in two minutes, turn on cloud backup so you never lose access, and add every important account behind it. Just remember it's no longer a password manager: your saved passwords now live in Microsoft Edge. Do that, and you've closed the single biggest hole in your account security with almost no effort.

Frequently Asked Questions

Is Microsoft Authenticator free to use?

Yes, Microsoft Authenticator is completely free on both Android and iPhone, with no ads or in-app purchases. You only need a Microsoft account to enable features like cloud backup and passwordless phone sign-in, and even that account is free to create.

Can I use Microsoft Authenticator for non-Microsoft accounts?

Yes. Because it supports the open TOTP standard, you can use Microsoft Authenticator for Google, Facebook, Amazon, Instagram, GitHub, and almost any other service that offers authenticator-app 2FA. Just tap the + icon, choose 'Other account,' and scan the QR code shown by that service.

Does Microsoft Authenticator still save and autofill passwords?

No. Microsoft retired the built-in password manager and autofill in 2025, and the data became inaccessible in the app by mid-August 2025. Your saved passwords were synced to your Microsoft account and are now managed in Microsoft Edge under Settings then Passwords. Saved payment cards were removed for security and must be re-added elsewhere.

What happens if I lose my phone with Microsoft Authenticator installed?

If you enabled cloud backup beforehand, you can install Authenticator on a new phone, sign in with the same Microsoft account, and restore your accounts. Without a backup you may need to re-add each account manually using each service's recovery codes, so turn on cloud backup right after setup.

How do I move Microsoft Authenticator to a new phone?

Make sure cloud backup is enabled on your old phone first. Then install the app on the new phone, sign in with the same Microsoft account, and choose to recover from backup. Verify each restored account works, and only then remove the app from the old device.

Are passkeys in Microsoft Authenticator the same as passwords?

No. A passkey is a cryptographic credential tied to your device and unlocked by your fingerprint or face, with nothing to type or phish. To register one in Authenticator you need iOS 17 or Android 14 or later and a screen lock enabled. Full passkey support is strongest for Microsoft Entra work and school accounts.

Is Microsoft Authenticator safer than SMS text codes?

Yes. App-generated codes and push approvals never travel over the cellular network, so they sidestep SIM-swap attacks and SMS interception that can compromise text-message 2FA. Push approvals with number matching also help stop you from accidentally approving a hacker's login attempt.

Can I use Microsoft Authenticator on multiple devices?

You can install the app on more than one device and sign in with your Microsoft account, and cloud backup lets you restore your accounts across devices. However, the app is mobile-only and requires a smartphone or tablet; there is no standalone desktop version.

AppsMicrosoftSecurity

Related Articles