How to: Use Microsoft multifactor authentication without a mobile phone


Introduction

If you have a lost or damaged mobile device, or are otherwise unable to use the Microsoft Authenticator mobile app, you can still sign in to services that require Microsoft multifactor authentication (MFA).

Cellular service is not necessary in order to use MFA. Multiple options are available.

Instructions

Security key

Use a WebAuthn/FIDO2 security key (for example, YubiKey).

NOTE: Security keys are not compatible with Skype for Business.

Microsoft Authenticator mobile app

If the concern is having cellular service or a text messaging plan, please note that the Microsoft Authenticator mobile app can function via the Internet, both over cellular data and Wi-Fi, using the "number matching" feature (typing a two-digit code). Neither cellular service nor a text message plan is required.

If Internet service on your mobile device is not available via cellular or Wi-Fi, the Microsoft Authenticator app can still generate codes that can be used for MFA. Internet service is not required. This works using the industry standard RFC 6238 (TOTP) as an alternative method to number matching. You do not need to be connected to a network to use the app with the TOTP option. Please see how to use Microsoft MFA, step 4, section D for details on how to do this.

Text message or phone call

Options exist for receiving SMS text messages and voice phone call without a mobile phone.

Carrier options that don't require a cellular signal

Some providers allow you to receive text messages and/or phone calls over the Internet without cellular coverage.

EXAMPLE:

  • AT&T NumberSync
  • T-Mobile DIGITS
  • Verizon Messages (Messages+)

Please contact your provider for further details.

Alternatives to traditional postpaid cellular service

You can receive phone calls on a number that isn't a cellular number.

EXAMPLE:

If you expect to be in an area without cellular coverage and without Wi-Fi, you may wish to set up one of the options above as an alternative to have available as a backup MFA method.

Another option is a prepaid cell phone ("burner phone").