Here at Ask Leo!, I hear from people with lost, hacked and inaccessible accounts daily.
Nowhere does this seem to happen more frequently than with Hotmail and Outlook.com accounts (now known simply as Microsoft accounts).
Given the increased importance of Microsoft accounts for everything from email to cloud services, and even the ability to log in to your PC, losing access to that account can have dramatic and dire consequences.
Microsoft has instituted a fairly obscure security measure that can help you regain access to your account should you lose it: the recovery code. The only “catch” is that you have to set it up before you need it.
So let’s set it up right now.
Getting a recovery code
Recovery codes are generated by Microsoft, and must be retrieved before you need them. Once you have a recovery code, you keep it in a safe place until you need it.
To get a recovery code, begin by logging into your account1 and clicking on your avatar/picture (or the default placeholder) in the upper right. Then click on View account.
Depending on the width of your display window, you’ll either have a full menu bar across the top, or you’ll need to click a small down-arrow next to the word Account on the menu bar. In either case, click on Security & privacy.
On the resulting page, click on More security settings.
At this point, you may be asked to confirm your identity again, using a text or phone message or alternate email address. This added layer of security is important, as it confirms that you are indeed the person who owns the account, and that you are the person who can rightfully create and hold the account recovery code.
Once you’ve passed this additional layer of security, you’ll land on the “Security settings” page.
Scroll down and look for the section labeled “Recovery code”.
Click on Get recovery code (or Replace recovery code if you already have one).
Your new recovery code is displayed. The code is lengthy, and actually looks a little like a product key. Any previous recovery code you may have had for this account is no longer valid.
Storing your recovery code
Your recovery code is important, but also sensitive. It should not be shared with anyone, and must be stored securely. Anyone with the recovery code could be able to hijack your account.
- Print it (as Microsoft suggests) and store the paper in a safe place.
- Save (or print) it as a PDF, and store the resulting file in a secure location, such as an encrypted TrueCrypt vault.
- Copy/paste the code to a text file, spread sheet, or other document file, and save that file in a secure location.
I save it to a file (so I can copy/paste it when needed, instead of having to type it in) and keep that file in an encrypted location.
Using your recovery code
There are various scenarios in which you can use your recovery code to regain access to your Microsoft account.
As we saw in How do I get into my Hotmail/Outlook.com account if I don’t have the recovery phone or email any more?, Microsoft may ask you if you have one as one of your account recovery options.
If you do have one, it’s kind of like a free pass to regaining control of your account.
And if you’ve followed the instructions above, you now have one.
Note: This article does get updated from time to time, as Microsoft changes the interface to access your Microsoft Security Settings (though there’s typically a delay).