Multi-factor authentication with authenticator apps is one of the best ways to secure your accounts online, but it has its drawbacks. One of them is getting locked out of your accounts when you lose access to your authenticator codes, whether because you lost your phone or merely changed from one phone to another. This is a hassle not only with Microsoft Authenticator but also with many other authenticator apps, including Google Authenticator, which makes it nearly impossible to recover the codes.
There is always a bit of housekeeping required before you can recover your authentication codes from Microsoft Authenticator. The process has three main parts: enabling cloud backup, removing existing Microsoft Authenticator sessions, and account recovery.
So let’s dive in.
Step 1: Set Up Cloud Backup for Microsoft Authenticator
This is something you need to do the moment you start using Microsoft Authenticator, because it’s from a backup that you’ll be able to recover all your accounts. If you’re reading this and you already lost access to your authenticator app (old phone) before setting up cloud backup, then unfortunately you’ll need to manually recover your accounts and set up 2-factor authentication again.
This will be easier if you kept a copy of the recovery codes that account providers usually offer when you set up multi-factor authentication. If you don’t have the recovery codes, don’t worry: you can still recover your accounts by following the procedure provided by the respective account provider. Different services have different procedures for recovering accounts.
If you’re lucky enough to still have your old authenticator app with the codes, here’s how you can set up cloud backup:
For Android users:
- The operation requires that your phone is running Android 6.6.0 or later.
- You’re also required to have a personal Microsoft account. This is used to store backups on the cloud.
- Open the app menu from the top right corner and click on Settings.
- Navigate to the Backup section and turn on Cloud backup by switching on the toggle button.
- Confirm the Recovery account, which is displayed as an email address.
- After you enable cloud backup, backups will always be saved to your account.
For iPhone users:
- An iPhone running iOS 5.7.0 or later.
- An iCloud account, instead of a Microsoft account, which will be used for storage.
- Open the app menu from the top right corner and open the app Settings.
- Navigate to the Backup section and enable Cloud backup by switching on the toggle button.
- Your iCloud account will be used as the Recovery account.
Codes that are backed up from an iPhone cannot be recovered on an Android phone, or vice versa. In that case, you will need to manually recover your accounts from the respective account providers.
Step 2: Removing Existing Microsoft Authenticator Session
Recovering codes from a Microsoft account requires that no other phone is active on your account. This means you can’t have two phones running your Microsoft Authenticator account, as you can with some of the other authenticator apps.
If you don’t remove your account from the previous phone, the backup will be replaced by the new phone’s data, meaning you’ll lose all the accounts you had on the old phone.
Follow these steps to remove any existing session of your account:
For Android users:
This requires you to sign your Microsoft account out of the phone with the app that you previously used.
If you have 2-factor authentication set up on your Microsoft account, signing in will require the app. Follow the steps below to sign in without the app, because, well, you don’t have the app:
- Provide your authentication credentials (email and password) at the login page.
- On the page that requires verification with the Microsoft Authenticator app, click Sign in Another way.
- This will display other alternatives, such as using the phone number or email address associated with your account.
- Depending on the alternative you choose, a verification code will be sent to either your email or your phone number, which you can then use to sign in to your account.
- After logging in, go to Microsoft’s account page and navigate to the devices section to manage the devices connected to your account.
- Identify the old phone on the Devices page, click on the device’s menu, and then click Unlink this phone.
- Also, go to the Account security page, navigate to More security Options, and turn off two-factor authentication.
For iPhone users:
Since Microsoft Authenticator backups are stored on iCloud for iPhone users, the only way to remove the Microsoft Authenticator app from an iPhone is by removing the device from your iCloud account.
Follow these steps to remove the old iPhone from iCloud:
- Go to iCloud.com.
- Open the Find iPhone app.
- Click on All Devices in the top bar and select the old iPhone with the Microsoft Authenticator app. If the iPhone isn’t in the devices list, then it has already been removed from your account and you don’t need to do anything. Skip the rest of this section and continue to the recovery section of the guide.
- Tap on Erase iPhone, complete the erasing wizard, and then click on Remove from Account.
Step 3: Recovering Codes in Microsoft Authenticator
With the previous phones removed, there won’t be any conflicts between old and new cloud backups, so the account is now ready for recovery.
- Download Microsoft Authenticator from the Google Play Store or the App Store.
- Don’t sign in to your Microsoft account when prompted to do so at the app welcome screen. Click on Skip instead.
- Skip all the following screens until you reach a screen like the one shown below, where you’ll start the recovery process.
- Click on Begin recovery and provide your account credentials (Microsoft credentials for Android users and iCloud credentials for iPhone users).
- Follow through the recovery wizard, and once recovery is done you’ll see all your existing accounts listed in the app.
Recovering Codes for Work or School
Recovering work or school accounts might require additional verification since the previous phone is tied to the organization account.
Organization accounts that need to be fixed will display an “Action Required” error.
- When you click on the account, it will show a message that you need to scan the QR code provided by the account provider.
- Contact the responsible person at the organization to get access to the QR code, then scan it to complete the organization account setup.
Even though recovery of the verification codes is possible, it’s important to store a copy of the recovery codes provided by account providers when setting up multi-factor authentication.
They can be of great help if you’re unable to access the cloud backups for some reason, for example if you accidentally delete the backup or lose your phone before setting up cloud backup.