Download!Download Point responsive WP Theme for FREE!

Microsoft Two Step Verification: The Good, The Bad, and The Ugly


I decided to give two step verification a try this morning. While I welcome added security to make things harder for the bad guys, I was a bit hesitant because I couldn’t find a clear explanation as to what I should expect. Well, it’s done and here is what I know so far.

The Good

Setting up TSV on my primary Hotmail account was relatively easy from my desktop PC. I activated they service and opted to have Microsoft send me a verification code via text (I could have also opted to get a code via phone call or alternate email address, so no worries Marti). Before I could start though, I had to unlink the new Outlook account I created when that domain became available. Microsoft indicated that I would be able to relink the account after setting up TSV (more on that later). After TSV was activated it was also easy to activate the Windows Phone Authenticator account by scanning the barcode on the screen.


I repeated the above for the new Outlook account and a business (Live) account that I use. Note:  the Authenticator app can generate codes for multiple email accounts. All went smoothly. As Windows Phone and XBox don’t yet work with TSV, and require a custom generated App password, I tried accessing these email accounts from my phone and didn’t get any login errors. I also turned on XBox and didn’t get a sign in error when connecting. All good so far.

The Bad

So that you don’t need to verify a device each time you login to it, you can “Trust” the device. In the past, you were able to view which devices were trusted, but no more. You can untrust ALL of your devices, but you can’t view them. So, it would be good to login to all your devices after activating TSV, and check the box, “I sign in frequently on this device”, if you don’t want to be bothered with these nag screens.


All of my phone apps that access SkyDrive would not connect after activating TSV. I needed to open the Authenticator app which generated a code for my email address, switch back to the app, enter my SkyDrive password and then my authentication code. I believe these generated codes have a short life so you need to navigate rather quickly. Hopefully, I don’t need to do this each time the apps get updated. You can find out which apps are accessing your Microsoft account by going to Microsoft Account>Permissions>Apps & Services. My apps included; SkyWallet, Handscan, CleverToDo & ShareFolder.


The Ugly

The SkyWallet WP app currently uses a stand alone desktop client, that allows you to access your encrypted password file which is stored on SkyDrive. The first time I tried to login to the app from my desktop, I got the, “can’t login to SkyDrive message”. I needed to login to my Microsoft account via my desktop (the WP Authenticator app won’t work for desktop app passwords, although it worked fine for phone app codes) and generate an app password (a 16 character alpha code) and copy/paste it into SkyWallet app. That worked ok. But, I use this app on both my desktop and notebook. When I tried logging in from the notebook, I got the same error. When I opened my Microsoft account from the notebook and generated an App password, it of course was different than the first one. After the copy/paste I was able to sync my password data. But opening the app on my desktop presented the same error again. I needed to write down the alpha code generated on my notebook and manually type the code into SkyWallet on my desktop. I believe the code needs to be used within a short time period so time is of the essence. That worked and subsequent openings/closings seem to be working. I know this may be an isolated issue with a particular app, but it is still troublesome. Note:   I tried accessing SkyDrive via the All My Storage Win 8 app and had no problems from my “trusted” devices. Update: When trying to access a TSV SkyDrive account, not connected to my device (desktop/notebook/tablet) I needed to delete the account, re-created the account, log back into SkyDrive with that account’s credentials and then enter the code created by the WP Authenticator app. Same process as with setting up the WP apps.

I have tried several times to re-link my Outlook account to my Hotmail account, as Microsoft said I could after activating TSV. But it’s a no go. I even went through the trouble of activating TSV on that account (tried before and after) with no luck. So, I guess their still working on it, maybe.


I expect to find a few more issues in the next couple days which always seems to happen when something appears too easy to be true. But after all these years, I am anything but surprised. Goes with the territory.