If you’re prepared, a little inconvenience. If you’re not? Possible disaster.

I regularly revisit several topics because as often as I talk about them, I keep hearing from people who haven’t got the message. I tend to go on about backing up, password managers, two-factor authentication, and so on.
Today’s topic: account recovery information. A little preparation can save you a world of hurt in certain situations.
Situations like losing your Microsoft Authenticator app.

Losing your Microsoft Authenticator
Microsoft Authenticator simplifies website logins, but losing it could lock you out. Always set up backup recovery options, like phone numbers or emails, and keep them updated. Without them, account recovery could be difficult or even impossible. Preparation is key to avoiding frustration or permanently losing access to your account.
Microsoft Authenticator
My Microsoft Authenticator app[1] looks like this.

Per Microsoft:
Microsoft Authenticator is a free app that helps you sign in to all your accounts without using a password – just use a fingerprint, face recognition, or a PIN.
The “fingerprint, face recognition, or a PIN” are the security selections offered by your mobile device. When you use Microsoft Authenticator, you first authenticate with your device using one of those techniques.
The scenario I run into most often is this[2].
- I attempt to sign in to a Microsoft service online.
- After specifying my email address, I’m told to open my Microsoft Authenticator app and respond to a prompt there. I’m also shown a two-digit number.
- I open Microsoft Authenticator on my phone.
- I’m asked to enter my screen lock to access Authenticator.
- I provide my fingerprint.
- The authenticator then displays its authentication challenge. Usually it displays three two-digit numbers, and I must tap on the number that was displayed by the site I’m trying to sign into.
- I tap the number and then on an “Allow” button.
A few seconds after this sequence is complete, the website I’m signing into updates, and I’m in.
Losing Microsoft Authenticator
The scenario that concerns most folks is what happens when they lose the device on which Microsoft Authenticator is installed.
Fortunately, the system is designed to handle this situation, albeit with a little more inconvenience.

Note the two links at the bottom:
- Use your face, fingerprint, PIN, or security key instead: This switches to using Windows Hello authentication. If you’ve configured Windows to authenticate you using any of these items, you can use one of them instead.
- I don’t have access to my Authenticator app: This takes you to an alternate authentication approach.
The alternate approach should seem very familiar: you’ll be shown a partial email address or phone number (or both), and asked to select one to receive a code.

Select one option and you’ll be asked to confirm you know its value. For example, if I were to select “Text” above, I would have to enter the full number that ends in 67 to prove that I know it. Once I’ve done so, a code is sent. Entering that code then signs me in.
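The fallback just described (a masked hint, proof that you know the full number, then a one-time code) can be sketched as follows. This is an added example, not Microsoft's implementation and not code from this article; the phone number, code lifetime, attempt limit, and all names are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # guesses allowed per issued code (assumed value)

def digits_only(number):
    return "".join(c for c in number if c in "0123456789")

def mask_phone(number):
    """Reveal only the last two digits, like the 'ends in 67' hint."""
    d = digits_only(number)
    return "*" * (len(d) - 2) + d[-2:]

class RecoveryChallenge:
    """One fallback sign-in attempt against a single stored phone number."""

    def __init__(self, stored_number):
        self._stored = digits_only(stored_number)
        self.hint = mask_phone(stored_number)   # all the sign-in page shows
        self._hash = None
        self._expires = 0.0
        self._tries = 0

    def confirm_and_send(self, typed_number, now=None):
        """Issue a code only if the user already knows the full number."""
        if not hmac.compare_digest(digits_only(typed_number), self._stored):
            return None          # nothing is sent and nothing more is revealed
        code = f"{secrets.randbelow(10**6):06d}"
        self._hash = hashlib.sha256(code.encode()).digest()
        self._expires = (time.time() if now is None else now) + CODE_TTL
        self._tries = 0
        return code              # stands in for the text message

    def verify(self, typed_code, now=None):
        """Accept the code once, within its lifetime and attempt limit."""
        now = time.time() if now is None else now
        if self._hash is None or now > self._expires or self._tries >= MAX_ATTEMPTS:
            return False
        self._tries += 1
        ok = hmac.compare_digest(hashlib.sha256(typed_code.encode()).digest(), self._hash)
        if ok:
            self._hash = None    # single use
        return ok
```

The confirmation step is what keeps someone who knows only the account name from triggering codes to, or learning, the stored number; it is also why an out-of-date number leaves the rightful owner with no way through.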
Once you’ve signed in, you can:
- Do nothing, assuming you’ll recover the device containing your Microsoft Authenticator.
- Go through the steps to associate a new Microsoft Authenticator on a replacement device.
But the bottom line is that you’re in without using the Microsoft Authenticator.
Where the system fails
This system relies on one huge assumption: you’ve previously configured email addresses or phone numbers on which to receive security codes, and you’ve kept them up to date.
Too many people fail this assumption. Either they never set up this information in the first place or the information they originally configured is now out of date. If you no longer have access to the configured email account or phone number, it’s no better than never having set one up.
When this step fails — notice the “I don’t have any of these” in the “We need to verify your identity” request above — Microsoft will take you through a more convoluted advanced recovery sequence. This can be very frustrating and can include delays of up to 30 days before regaining access to the account. Even worse, it can fail.
If it fails — if you are unable to prove you are who you say you are and should be granted access to the account — you will not be granted access. The account will be lost forever.
Do this
I’m a fan of passwordless authentication, and thus of using things like the Microsoft Authenticator app.
However, it’s critical that when you do so, you set up the alternate/recovery information associated with the account. Use every opportunity to save this kind of information, and then make absolutely certain that it’s up to date as things — like your phone numbers or email addresses — change over time.
Footnotes & References
1: Proof, by the way, that “if it can be seen, it can be copied”. The screenshot function on my phone is disabled for “sensitive” apps like authenticators. So a camera does the trick. I left it obviously looking like a photo to make the point, but some photo editing could have made this look nearly indistinguishable from a screenshot.
2: This list of steps seems much more daunting than it is. I’ve laid it all out explicitly, but in practice, it’s a quick few taps and you’re done.
“This system relies on one huge assumption: you’ve previously configured email addresses or phone numbers on which to receive security codes, and you’ve kept them up to date.”
Isn’t the first part automatic, as all accounts require an email address to open the account and many also require a phone number? The important thing is to make sure they are up to date. I have 3 email addresses and a phone number on all accounts that allow it and are important enough.
How do I find, then update if necessary, the current email and phone numbers for my MS accounts?
I believe it’s this page: https://account.microsoft.com/profile?lang=en-US#main-content-landing-react