April 19th 2013 6:48 pm PT

Using Microsoft Two-Factor Authentication with your Xbox LIVE account

Earlier this week, it was announced that your Microsoft Account Gets More Secure. Every gamertag on Xbox LIVE is backed by a Microsoft Account (MSA), so this is great news for our customers who choose to enable this security feature to help keep their accounts more secure. I’m excited to see this feature enabled and I’ve already done this on my own account.

For those of you who have enabled TFA, you’ll need to make one change to how you interact with your Xbox.

If you’re downloading your profile or you choose not to have your password saved on your console, you will be prompted to enter your “Microsoft account password.” It will look like the screenshot below. Instead of entering your MSA password, you’ll need to enter an App password.

Xbox Password Dialogue

Getting an App password is simple:

  1. Log in to https://account.live.com
  2. Click on “Security info” under “Overview”
  3. Click on “Create a new app password” under “App passwords”
  4. Enter your app password in the password field

That’ll look like this screenshot:

MSID Account Info


That’s it! Enjoy your (even more secure) gaming on Xbox LIVE!

Xbox 360, Xbox Live By e

  • http://twitter.com/XBOXLIVE_BB BAN BOOSTER



    • http://www.facebook.com/sid.meyers.7 Sid Meyers

      BANING MODERS. ha ha.
      How about a Caps Lock key and a Spell Check?

      • http://www.facebook.com/adamdjt Adam Daniel John Thompson

        Apparently they have already been banned…

    • http://www.facebook.com/people/Curtis-Isabell/1036013363 Curtis Isabell

      cheaters have run rampant in older games for years now, don’t even try playing COD4 or WaW online… lol.

      • http://www.facebook.com/adamdjt Adam Daniel John Thompson

        or Halo, but that’s mainly glitch exploiters.

        • http://twitter.com/XBOXLIVE_BB BAN BOOSTER

          or red dead but there are ways to deal with that cheat

    • http://twitter.com/fcviotto Fernando Coli Viotto


  • Lorandun

    And…. it doesn’t work. lol. TXT method goes nowhere.

  • http://raptr.com/silverdoe AMi Tr

    it uses “industry-standard” security code, which means u can use
    whatever Authenticator on your platform (Google Authenticator on Android
    for example) to pair with your account. It also works the other way
    around. I used MS Authenticator app on WP to pair with my Google
    account, too!

    • http://twitter.com/CyberKnight1 Yakko Warner

      I did not realize they were interchangeable. Thanks for that tip!

      • http://www.majornelson.com Major Nelson

        We mention that on this weeks podcast.

        • http://twitter.com/CyberKnight1 Yakko Warner

          Yeah, I noticed that. Unfortunately the podcast comes out on Friday, and I don’t download it until the weekend and listen until my Monday morning commute, so… ;)

    • Kazaam

      Thanx for the information.

      I understood that I needed the Xbox-Glass-App.

      But does that mean, each time I enter I must recive a code and is this for the account on the xbox or only for the website?

  • http://twitter.com/CyberKnight1 Yakko Warner

    More security usually ends up being annoying, but after trying this with Google for the past year or so, it’s not too bad. Very happy to see this come to Microsoft accounts.
    I hope this will improve in time (like support for the Authenticator, or maybe having the Authenticator apps generate app passwords with the touch of a button).

  • http://twitter.com/karlcramer Karl Cramer

    I’m all for increased security but one of our consoles, the older family room 360, keeps forgetting that we’ve done this and we have to go over this process again and again.

    • Mike Holgate

      me too, sick of it

  • http://www.facebook.com/people/Curtis-Isabell/1036013363 Curtis Isabell

    the ambassador program isn’t picky at all, I wouldn’t want them having any sort of power. they do need to hire some people who have the ability to ban account, give me that power and a few days and i’ll hit over 100 accounts easy.

    • http://twitter.com/XBOXLIVE_BB BAN BOOSTER

      pay someone hmm that not a bad deal

  • lljktechnogeek

    It’s two-factor if you’re logging in via the website. The problem is that the Xbox (as of this posting) does not support the two-factor methodology. The “app-specific password” workaround is basically the same thing Google uses for stuff like Thunderbird and pre-ICS versions of Android.

    Hopefully there will be an Xbox firmware update in the future that will allow for full support of two-factor authentication, but until that happens (if it does) you’re kind of stuck with this.

  • darksacrifice

    download the google authenticator app to my phone follow the steps and it works on the website account page but still not working for the xbox maybe it take awhile to take affect been like 30 mins and eveytime i type the code off my phone for my password on xbox says something so i type my orignal password and let me sign in hopefully it just take awhile before my xbox will get the code i even deleted the app and reinstall it but no differnce so far but i like extra features to keep my account secure

    • thevowel

      You need to use an app password on the Xbox, not a code from the authenticator. That’s what is shown in the second screenshot above.

  • http://www.facebook.com/jonny.schultz.1 Jonny Schultz

    this doubling of security sucks buttholes because i forgot my email password because my xbox and everything has been running smoothly for me since i was in the 6th grade and now im a junior in highschool and cant get it to work which is making me mad as hell
    i cant call you guys to straighten this out i neeed help because im mad as hell

    • Does Not Equal

      … but how do you feel?

    • Nick Peck

      So it’s their fault you forgot your password? ahh todays youth…. :|
      How about going to the email address’s website and click on the “forgot password” option and recover it?

  • http://twitter.com/XBOXLIVE_BB BAN BOOSTER

    i hate it
    it dose not work
    it reset my password that i had for 4 years
    and gave me a new password that i think a kid had made

    i want a pass code for my xbox

    okay think about this
    for your xbox when you download your gamertag that 1st time it will make you give your password and pass code like 875869 or kidrun9067 from now on when you log on
    it will make you give a 4-8 a-z/1-10 pass code
    and you can make it so that you can not log in to someones xbox or there pc

  • http://twitter.com/xboxgametag Social Xboxgametag

    Xboxlive Disconnect.,Some time email altinative not work.

  • http://www.facebook.com/xlosgarciasx Los Garcias

    Why not have an option to tether the gamertag to the xbox? So it cant be downloaded to any other xbox, unless you uncheck the option

  • http://twitter.com/Fattieman Lord Fattieman

    For those running Android or iOS, you can use the “Google Authenticator” app to link your MS account so you can get the App Password while mobile

  • ElektroDragon

    Excited about something that makes life more complicated? That’s one approach.

    • http://twitter.com/seekul Luke Es | sE ekuL

      Having your account jacked is pretty complicated to deal with too. ;)
      Losing a little time, versus losing more time and potentially money.
      Your call!

  • Kenzibit

    Wow…for me I really don’t understand anything about this whole process. I guess I have to wait and stick to my current settings. If an app on your smartphones is now generating codes for you then what happens when you loose your smartphone? I really don’t understand anything.

    • ElektroDragon

      Agree, its too complex.

    • http://twitter.com/seekul Luke Es | sE ekuL

      There are a few options after you lose your device that displays the codes, but it all depends on the service. I can only speak about Google.
      Put very simply: you can choose to print out a list of passwords that can be used only once. You should do this before you lose the device, as in right now! :)
      If you own a second device like a tablet, that can run the same app too. So can the device of a family member or someone you trust greatly, but no service will suggest that you add your account information to a device you don’t own, it defeats the whole purpose.

      • Kenzibit


  • http://twitter.com/boe2BE Boe2

    Is this related to my xbox asking for my phone number every time I log in?
    If I were to enable 2-factor authentication, will it ask for the extra authentication every time I start my xbox, or does it remember you on the same console?

  • http://twitter.com/melkor2301 Matthias Köstler

    Maybe these changes are the reason for several disconnects while playing GoW Judgment and Forza Horizon. The web radio I listened to at the same time did work perfectly.

  • http://twitter.com/trollmunchies Troll Munchies

    Please don’t ban me for the 5th time this year… I am trying to help the online community a better place. ;)

  • Colin Stark

    I just got 4000 Microsoft points from this site for free! :D freemspointsforever com

  • https://live.xbox.com/MyXbox/Profile?gamertag=DarkGin87 Lee Rayson (DarkGin87)

    Im happy with the other passwords ive got my phone. surface and Pc are all trusted so im okay with that much secuirty

  • http://twitter.com/iangale75 Ian Gale

    Trying to verify my sons account, doing the “ask permission”, I sign in as me but to verify that I am an adult it needs credit card info. Problem is only US people can do this, no way for UK people so I cannot continue despite having a credit card linked to my Live account anyway! Very poor.

  • david_hoyland

    That’s cool and all but what we really want to know is when does the Durango hype train leave the station? :)

    • http://twitter.com/boe2BE Boe2

      The hype train departed ages ago. The facts train has yet to arrive :)

      • Nick Peck

        haha well put!

  • betosobreira

    It seems to me that there will be problems with 2nd authentication. Thank God it’s not available in Brazil yet.

  • donkeyjrplus

    where is the new deal of the week? you guys doing away with that too?

  • Entegy

    Hey Major, I think I have a bit of an issue here.

    I keep my Xbox profile on a USB stick to easily bring it to friends’ consoles, but last year, a system update started making the Xbox ask for my MS account password even when loading the profile from the USB stick on other people’s consoles. I put the profile on the stick to avoid that!

    I really want to turn on 2FA for my Microsoft account, but this is really gonna hold me back. First, is being asked for my password all the time normal and will I have to always put in an app password on other people’s Xboxes to use my profile on their console?

    • http://twitter.com/boe2BE Boe2

      Your profile has been copied over (wich saves you the hassle of recovering it), but if it’s a Live account it means you are still logging in to Live, wich is happening from an unfamiliar console, hence it asks for your password again ;)

  • Daniel Birchal

    Won’t use it until Microsoft releases the authentication app for android

  • theConstruct

    Why don’t you partner with RSA and let us use a SecurID 800?

    • http://twitter.com/boe2BE Boe2

      Just guessing here: Your job gave you a SecurID 800?

      An open 2-factor authentication solution is easier than sending and maintaining a physical token to every Microsoft account owner, don’t you think? ;)

      • theConstruct

        I had a 700 with my last job. And my current job issued me a software token for my mobile lookup device. I think the 800 is a frakking brilliant device, the security of TFA without the hassle. As for keeping track of the token, Leave it in the system when in use.

  • http://twitter.com/MGaceman Darren Harris

    Couldn’t set it up. Can’t get codes sent to my phone and can’t find an iOS or Android Authenticator App, how am I supposed to set it up without them?

  • Guest

    Cant find these kind of EXTRA security measures on PSN now can we boys? :)

  • http://twitter.com/CyberKnight1 Yakko Warner

    That’s what I use, and it works great for a lot of applications. The Xbox doesn’t support it yet, though, just application passwords — which currently can only be generated by hitting the web site.