Step-by-step instructions. You'll be glad you did.
I hear from people with lost, hacked, and inaccessible accounts daily.
Nowhere does this seem to happen more frequently than with Hotmail and Outlook.com accounts (now known simply as Microsoft accounts).
Given the increased importance of Microsoft accounts for everything from email to cloud services to even the ability to log into your PC, losing access to that account can have dramatic and dire consequences.
Microsoft has instituted a fairly obscure security measure that can help you regain access to your account should you lose it: the recovery code. The only "catch" is you have to set it up before you need it.
So let's set it up right now.
Setting Up a Microsoft Recovery Code
A recovery code can get you back into your Microsoft account when other techniques, like alternate email addresses and phones, cannot. Set one up before you need it by signing into your account and visiting Advanced security settings. Save the recovery code in a secure location so that it's available whenever and wherever you might need it to sign in to your account later.
Getting a recovery code
Recovery codes are generated by Microsoft and must be retrieved before you need them. Once you have a recovery code, you keep it in a safe place until you need it.
To get a recovery code, begin by logging into your account [1] and clicking on your avatar/picture (or the default placeholder) in the upper right. Then click on My Microsoft account.
On the resulting page, either click on Security in the top bar or scroll down to find and click on the Security section. Once there, click on Security dashboard.
On the Security Dashboard page, click on Advanced security options.
Scroll to the bottom of the page and click on Generate a new code in the Recovery code section.
This will generate and display a new recovery code.
The code is lengthy and looks a little like a product key. Any previous recovery code you may have had for this account is no longer valid.
Storing your recovery code
Your recovery code is important, but also sensitive. You should not share it with anyone, and you must store it securely. Anyone with the recovery code could hijack your account.
Recommendations:
- Print it (as Microsoft suggests) and store the paper in a safe place.
- Save (or print) it as a PDF, and store the resulting file in a secure location.
- Copy/paste the code to a text file, spreadsheet, or other document, and save that file in a secure location.
I save it to a file (so I can copy/paste it when needed, instead of having to type it in) and keep that file in a secure, encrypted location.
Using your recovery code
There are various scenarios in which you can use your recovery code to regain access to your Microsoft account.
As we saw in "How Do I Get into My Hotmail/Outlook.com Account if I Don’t Have the Recovery Phone or Email Any More?", Microsoft may ask whether you have a recovery code as one of your account recovery options.
If you do have one, it's kind of like a free pass to regaining control of your account.
And if you've followed the instructions above, you now have one.
Do this
Generate and save your Microsoft account recovery code now, before you forget.
Hopefully, you'll never need it.
Footnotes & References
1: You must be able to log in to your account. If you cannot log in to your account, you cannot generate this type of recovery code. This is why I stress repeatedly that you need to set this up before you need it.
We’ve had a lot of questions from people locked out of their accounts over the years. Outlook and other MS accounts were the main culprits. With this recovery code, Microsoft accounts are now one of the better choices. Like Gmail, they offer 15GB storage in the free version. That 15GB is for OneDrive and email storage combined, similar to how Google gives 15GB for Gmail and Google Drive combined. I still use Gmail as my main email account but that’s because it’s the address I’ve given people for almost 20 years. That recovery code may be enough to tip the scales in favor of Outlook.com if you are opening a new account.
Very good to know. However, if one’s account got hacked (and thus needing to be recovered), couldn’t the hacker just go get a new code, invalidating mine instantly? Seems like this may be a step in their arsenal when they get access to one’s account.
Yes. This is true for all recovery information. But better to have it ready for non-hacking scenarios, or when the hackers happen to be less than on top of everything.
Thank you, Leo! I did not know about the recovery key option on my Microsoft account. I already had password-less sign-in and 2FA enabled, and an alternate email address configured for it, and now I have a recovery key stored in my password vault (in the cloud) as a note on my Microsoft email account entry, and in an encrypted 7z archive (using SHA-256 encryption), stored on OneDrive.
I also recommend setting up every recovery option available on all accounts before they are needed. I have never had to recover an account, but if I ever need to, I want to be ready ahead of that time (with as many options as possible), so I don’t have to worry about losing access.
Once again, thank you Leo!
Ernie
I have tried this with Chrome, Edge, and FF with the same results. I manage the steps and get to “Dashboard” and the clicked link goes to a blank, black page.
Time and time again, in three browsers. I can’t get to the Dashboard.
I would recommend storing this outside of OneDrive. OneDrive is a Microsoft service, hence you need to be signed into your Microsoft account to view the file… which brings you to the same problem as you needing to be signed in to generate a recovery code.
I have my recovery key stored with all my other 2FA codes, which is an encrypted document on my iPad, backed up to my iCloud, and 2 copies of the document on an encrypted external hard drive (and the locations of and passwords to the document and copies on a piece of paper in my safe).
Most people who use OneDrive have a OneDrive folder on their computer and it would reside on both their computer and the MS OneDrive servers. If a file is accidentally deleted, it would still reside on your system image backup which I’m sure you all have. But seriously, the most important thing you can do for security is to perform regular system image and daily incremental backups.
And if you do keep it on OneDrive, make sure it’s encrypted.
Definitely. I have all that stored in Cryptomator-encrypted files in my Dropbox (or, in some cases, in notes stored in my password manager).
Hi Leo
I forgot my email password and went through the usual verification process to reset it. However, I kept getting the message that I had tried too many times that day. So I used a recovery code that I had generated in 2022, but it said I have to wait for 1 month to gain access. I obviously need access before this. Can you suggest what to do next? Thanks!
From what I am reading, this seems to be utterly useless to those with a local, rather than a Microsoft, account.
Am I correct?
That is correct. A recovery code is specific to Microsoft accounts.
While I tend to use exclusively Local accounts, I do have a Hotmail account (acquired PRIOR to Microsoft purchasing Hotmail). So I have a Microsoft account.
May I suggest updating this article? Microsoft has updated their Microsoft Account web-page and I had a difficult time FINDING the correct page to apply the ‘additional security’ to ‘Generate a new code’ for a recovery code. (https://account.live.com/proofs/manage/additional)
I was unable to find the page directly under their ‘security’ settings, rather in using their search option was able to find it after a few mis-steps.
Thanks,