Your backup isn't encrypted by default. To encrypt a backup in the Finder or iTunes for the first time, turn on the password-protected "Encrypt local backup" option. Backups for your device will automatically be encrypted from then on. You can also make a backup in iCloud, which automatically encrypts your information every time.
After you confirm your password, your backup will start and immediately overwrite and encrypt your previous backups. When the process completes, make sure that your encrypted backup finished successfully:
If you turn off Messages in iCloud, your text messages and attachments no longer upload automatically, but they save in your next iCloud Backup and download in the background when you restore. Stay connected to Wi-Fi until the process finishes. The time it takes to restore depends on the size of your backup and the speed of your Wi-Fi.
Make sure the device requires a PIN or biometric to unlock. Try to re-enable faceID or fingerprint in the device settings and restart the device. Use the faceID or fingerprint to unlock the device after restart, then try to re-enable passwordless for the account in Microsoft Authenticator.
Make sure the device is registered. Open Authenticator > Settings > Device Registration. Make sure the account is registered for passwordless and is joined to you work or school. Sign-in with this account on the device registration page, then try enabling passwordless for the account.
A: To add a work or school account for passwordless or two-step verification, select the + button in the top right corner of Microsoft Authenticator > Work or school account > Sign in and complete the authentication on your device to add your account.
A: The active verification code changes every 30 seconds so that if somebody were to learn what code you used to verify your sign in yesterday, or even a minute ago, they wouldn't be able to use that code to get into your account. This timer is the countdown to the verification code changing to the next code. Unlike a password, we don't want you to remember this number. Only someone with access to your phone should be able to get your verification code.
To switch your personal account over to notifications, you'll have to re-register your device with the account. Go to Add Account, select Personal Microsoft Account, and then sign in using your username and password.
A: You don't have to unlock your device to approve verification requests because all you need to prove is that you have your phone with you. Two-step verification requires proving two things--a thing you know, and a thing you have. The thing you know is your password. The thing you have is your phone (set up with Authenticator and registered as a two-step verification proof.) Therefore, having the phone and approving the request meets the criteria for the second step of verification.
A: This most-likely happens because your sign-in and your mail app are occurring across two different apps, causing the initial background sign-in process to stop working and to fail. To try to fix this, we recommend you select the Safari icon on the bottom right side of the screen while signing in to your mail app. By moving to Safari, the whole sign-in process happens in a single app, allowing you to sign in to the app successfully.
A: The Authenticator app now securely stores and auto-fills passwords on apps and websites you visit on your phone. You can use Autofill to sync and autofill your passwords on your iOS and Android devices. After setting up the Authenticator app as an autofill provider on your phone, it offers to save your passwords when you enter them on a site or in an app sign-in page. The passwords are saved as part of your personal Microsoft account and are also available when you sign in to Microsoft Edge with your personal Microsoft account.
A: To stop syncing passwords in the Authenticator app, open Settings > Autofill settings > Sync account. On the next screen, you can select on Stop sync and remove all autofill data. This will remove passwords and other autofill data from the device. Removing autofill data doesn't affect two-step verification.
Strong authentication is needed by Authenticator app: Signing into Authenticator requires a second step. This means that your passwords inside Authenticator app are protected even if someone has your Microsoft account password.
Passwords on the device are encrypted: Passwords on device are encrypted, and encryption/decryption keys are never stored and always generated when needed. Passwords are only decrypted when user wants to, that is, during autofill or when user wants to see the password, both of which require biometric or PIN.
Cloud and network security: Your passwords on the cloud are encrypted and decrypted only when they reach your device. Passwords are synced over an SSL-protected HTTPS connection, which helps prevent an attacker from eavesdropping on sensitive data when it is being synced. We also ensure we check the sanity of data being synced over network using cryptographic hashed functions (specifically, hash-based message authentication code).
A: No. Password autofill won't sync work or school account password for your users. When users visit a site or an app, Authenticator will offer to save the password for that site or app, and password is saved only when user chooses to.
Verified IDs are secure trusted credentials that can be used by websites and organizations to make account setup simpler and safer.Usually, you'll use your device's camera to capture a QR code on the site to get a new Verified ID, or a verification of an ID already on your device. You still use your password to access credentials to share with another organization.