Authenticator app recovery with passwordless MSA

Devin Goble 21 Reputation points

My old Android phone got smashed beyond recovery. So, I'm setting up everything on another phone. When I start through the recovery process in the Authenticator app, it asks me to confirm my login using Authenticator, which I obviously can't do. So, I use the "I don't have access to my Microsoft Authenticator app" option. It then emails me a code, and then texts me a code. So far, so good. Then, however, it asks me to create a new password. This is a passwordless MSA, so I have no idea what it's thinking is going to happen.

Why is it prompting me to reset the password on a passwordless MSA? How do I recover the backup?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,059 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Jeremy 5 Reputation points

    I have the exact same problem that @Devin Goble reported here...

    If I try to sign in to my (personal) Microsoft account in my Windows browser, and I click on "I don’t have access to my Microsoft Authenticator app", it prompts me to verify my identity by sending me a code to my email address as well as via SMS to my phone number.

    However, I after I successfully enter in these two codes, it then prompts me to add a password to my (passwordless) account! This makes no sense at all, as a passwordless account isn't supposed to use or need a password.

    Furthermore, Microsoft's FAQ here says "If you lose access to your Microsoft Authenticator app, you can still access your Microsoft Account using an alternate recovery method like text message or a backup email address."

    It doesn't say that I have to add a password back to my passwordless account in order to do that.

    On the Security page of my account, I have configured several methods for verifying my identity - see my screenshot below. And as you can see, I definitely do have the "Passwordless account" setting enabled there. And you can also see that there is no password configured in the list (if my account did still have a password assigned to it, you'd see it there).

    So my questions are:

    1. Why does it force me to add a new password after I use the Email and SMS verification methods?
    2. Why doesn't it simply sign me in to my account after I've verified myself using Email and SMS? According to the above FAQ support article, this is how it's supposed to work.
    3. Why does it only offer Email and SMS as verification methods, even though I've configured "Enter a code from an authenticator app" using a third-party authentication app? It should let me choose this as a verification method, but it doesn't.

    I think it should be possible for someone else to reproduce this, and as far as I can tell this is a bug - the method for signing into an account when you don't have the Authenticator app available is clearly broken.


    1 person found this answer helpful.
    0 comments No comments

  2. Anonymous

    You can restore from backup (assuming there was one) but make sure no accounts have been added to the newly install app. Then sign on with recovery account to do the restore.

    You can recover your account credentials from your cloud account, but you must first make sure that the account you're recovering doesn't exist in the Microsoft Authenticator app. For example, if you're recovering your personal Microsoft account, you must make sure you don't have a personal Microsoft account already set up in the authenticator app. This check is important so we can be sure we're not overwriting or erasing an existing account by mistake.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  3. Simon Skotheimsvik 171 Reputation points MVP

    Hi @Devin Goble ,

    Could it be that you have enabled passwordless authentication without setting your account as passwordless?
    I would recommend you complete the wizard you started to get back into your account before running through the routine of setting up your account as passwordless.


    --please don't forget to upvote and Accept as answer if the reply is helpful--

  4. Marco Faccin 26 Reputation points

    Same for me!
    I decided to reset my phone, and I was confidente because the cloud backup was enabled and I have several methods to access my Microsoft account.

    I was surprised that to restore my account I could only use email and SMS and then insert a password. Other apps using my microsoft account accepted the use of a yubikey or other methods but the Microsoft Authenticator app no, either you approve the access from your authenticator app or you reset your credential (giving up passwordless).

    I totally agree, this is a bug that makes Microsoft Authenticator quite fragile and I've decided to move away from it as 2FA app because thanks to this nice bug I've lost the backup and I had to reset the 2FA to all my accesses.

    0 comments No comments