![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 68%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
A USB security key is a strong two-step verification method. If the account is asking for a security key and there is no access to that key or any other verification method, recovery is limited to Microsoft’s automated processes.
Based on the available guidance, the only supported options are:
- Try all available sign-in verification methods
- Start sign-in at https://account.microsoft.com and choose Other ways to sign in if shown.
- Use any method that is still accessible (phone, alternate email, Microsoft Authenticator, recovery code, etc.).
- If prompted with multiple options, always select one that can actually be used; if none work, choose I don't have any of these when that option appears.
- Use the Microsoft account recovery form correctly
- Before using the form again, review: Help with the Microsoft account recovery form.
- Use a device and location previously used with this account, if possible.
- Provide a working contact email (can be any account) as described in Step 1: Ensure you have a working email for Microsoft account recovery.
- Fill in as much detail as possible. For a new account with little activity, include:
- All passwords ever used on this account.
- Approximate date the account was created.
- Any folders created, rules set up, or contacts added.
- If the daily submission limit or attempt limit is reached, wait the required lockout period (typically about 24 hours) before trying again, and avoid repeated attempts during that time.
- If all security info and 2-step methods are lost
- For accounts with two-step verification turned on where none of the alternate methods can be accessed, support agents cannot bypass security, send password reset links, or change account details. This is explicitly stated in Help with the Microsoft account recovery form.
- In that case, only successful completion of the recovery form can restore access. If the system continues to reject the form for insufficient information, there is no additional manual override path documented.
- If password is known but security info is lost (for future reference)
- When the password is known but some security info is lost, the documented path is to sign in to Advanced security options, add a new verification method, then remove the old one. However, this requires being able to sign in at least once, which is not possible in the current situation.
- About “getting” a USB security key now
- A new physical USB security key purchased now will not help unless it was previously registered to this Microsoft account. The prompt is for a key already associated with the account; a new, unregistered key cannot be used to bypass existing security.
If the account continues to fail recovery because it is new and has minimal history, and all verification methods (including the registered security key) are unavailable, the documented processes do not provide an additional way to regain access. In that case, the practical option is to create a new Microsoft account and ensure multiple recovery methods (phone, alternate email, recovery code, and possibly a security key) are configured and safely stored.
References: