Additional security options

Question

For account security, Microsoft offers options to send codes by email and phone number along with Authenticator app and security keys. But I have not found a way to remove sending codes by email i.e. just keeping a single option - Authenticator app or physical security key. Option to send codes by email and phone number are not as secure as using a hardware security key. The account is already passwordless. I am wondering if there is any way to do this if not can Microsoft consider this as a feature to increase the account security options?

Answer 1

Hello Aditya_J, my name is Emmanuel. I'll be more than happy to assist you today!

I completely understand your concern about the security of your Microsoft account by only having a single option to be able to sign using the authenticator app. If you want to only use the authenticator app when signing in, you can go to the ADVANCED SECURITY SETTINGS by logging into your Microsoft account using this link https://account.microsoft.com/ then go to SECURITY > click GET STARTED under ADVANCED SECURITY OPTIONS then from there, you would be able to set to use TWO STEPS VERIFICATION to be able to sign in to your account. If I am not mistaken, you can only remove the email and SMS option from there. Here is the quick access link https://account.live.com/proofs/manage/additional

Please be extra careful when you set your sign in preference of using the authenticator app only.

I hope this information answers your question.

Let me know if this works for you.

Answer 2

You should ALWAYS have two or more methods for verification. What would you do if you dropped and broke your phone? Your account would be gone forever. If you use a physical device, like a Yubikey, always configure two (or more) and store one in a safe deposit box or someone else safe in case you were to lose one or break it.