In the digital age, we’ve all been there – the moment when we can’t remember our usual password and the worry about security issues creeps in. Having strong, unique passwords is crucial, especially in a world where security breaches like password spray attacks, brute-force attacks, etc., happen frequently. In critical situations where we suspect account compromise or detect suspicious activity in our Microsoft work and personal accounts, we often turn to the “Password” option under Security & Privacy settings to change our passwords.
However, it has come to light that Microsoft has removed this Password option. This removal may leave users scrambling for alternative ways to change their passwords. But thankfully, Microsoft has introduced a solution for this through the Security info page.
In this blog, we’ll guide you through the steps of managing and changing passwords using Security info settings to enhance online security. Let’s embark on this journey towards better online security together.
What is Security Info in Microsoft 365?
To get started, let’s understand what Microsoft Security info is. It’s essentially an extra layer of security that helps verify your identity, using methods such as an alternate email address or phone number. Here’s how it works: if you ever forget your password or if there’s an attempt to compromise your Microsoft account, Microsoft will send a verification code to that alternate email address or phone number. This code serves as a confirmation of your identity, adding an extra shield of protection to your account.
In addition to managing your sign-in methods, you, as a user, also have the option to change your Microsoft 365 password within the Security info page. This lets you strengthen Microsoft 365 security by setting a strong, complex password whenever required.
How to Change Password in Microsoft Security Info?
Sometimes, we remain logged in on one device for an extended period and might forget our password when we attempt to log in on a different device. In these situations, we can use the Security info page to update the password on the current device and then sign in with the updated password. Now, let’s go through the process of changing Microsoft 365 password using the Security Info page.
1. Start by signing in to your Microsoft 365 account using your credentials.
2. Once logged in, locate your profile picture in the upper-right corner of the screen.
3. Click on your profile picture, and from the dropdown menu, select the “View account” option.
4. On your account information page, look for the “Security info” section.
5. Within the “Security info” section, you’ll find “Password” listed under your sign-in methods.
6. Find the “Change” option associated with the Password row and click on it.
7. A flyout pane will appear with your UserID, prompting you to enter your “New password.” Make sure to “Confirm the new password” by entering it a second time.
8. Once you’ve confirmed it, click the “Submit” button to securely change your password.
POINT TO REMEMBER: If you want to change your existing password, visit the ‘Change password’ page in the My Account portal, assuming you remember your old password and your account isn’t locked. However, in cases where you can’t recall your password, find yourself locked out of your account, or never received a password from your organization, you have the option to reset your password using your mobile device and Security info.
Use Microsoft Security Info to Manage App Passwords in Microsoft 365
Beyond managing and changing your Microsoft passwords using the Security info page, you also have the ability to create and manage app passwords. This feature allows you to generate and control passwords specifically for applications that may not support the standard sign-in methods. It’s useful for enhancing security and ensuring access to various apps securely.
How to Create App Passwords from the Security Info Page?
For apps like Outlook 2010 that don’t support two-step verification, you can generate separate app passwords for non-browser applications in your organization. These passwords are used alongside your regular password. Learn how to create app passwords from the security info page in Microsoft 365 below.
1. Sign in to your work account, and then navigate to the Security info page. You can access this page through the “View account” option, which is available when you click on your profile picture.
2. On the Microsoft My Sign-Ins Security info page, click on “Add sign-in method.”
3. After clicking “Add sign-in method,” you’ll see a page asking, “Which method would you like to add?” From the drop-down menu, select “App password,” and then click “Add.”
NOTE: Keep in mind that this option will only be available if the administrator has allowed and configured the necessary settings for you.
4. Enter the names of the apps for which you want to create passwords, and then select “Next.” Note that the minimum password length is 8 characters.
5. Once you’ve generated the app password, copy it and paste it into the password field of the app you’re configuring.
6. Finally, select “Done” to complete the setup.
- These app passwords are automatically generated and must be created and entered individually for each app.
- Please note there is a limit of 40 passwords per user. If you exceed this limit, you must delete an existing password before creating a new one.
Delete App Passwords in Microsoft 365
If you find yourself no longer needing an app password and want to free up space, here’s how you can delete it from your Security info page of Microsoft 365:
1. Within the Microsoft My Sign-Ins Security info page, identify the app password you wish to remove. You’ll find a “Delete” option in the same row as the app password.
2. Click on “Delete,” and a flyout page will appear, asking for confirmation: “Are you sure you would like to delete this method for your account?”
3. Select “Ok” to proceed with the deletion.
By following these steps, you can efficiently clear out any app passwords you no longer require, keeping your Security info page organized and secure.
Manage Other Verification Methods in My Sign-Ins Security Info Page
You can also manage various sign-in methods on the Security info page and even change your default method, going beyond just using passwords. Here are the options available to you:
- Multi-Factor Authentication (MFA): You can set up multi-factor authentication (MFA) by following the instructions on the Security info page after downloading the Microsoft Authenticator app. MFA works for two-factor verification and password reset authentication. This method adds an extra layer of security to your account.
- Email: When you choose ‘Email’ in the ‘Add sign-in method’ option, you’ll be prompted to enter your email ID. Afterward, a verification code will be sent to your email. By entering this code, you establish email as one of your sign-in methods. However, please note that this method is solely for password reset; for two-factor verification, select a different method.
- Phone: Your phone number can be a sign-in method. Choose ‘Phone’ in ‘Add sign-in method,’ enter your number, and receive a verification code. Use this code to set up your phone as a sign-in method, enhancing security and convenience for both two-factor verification and password reset.
- Security Key: You can register a Microsoft-compatible security key and pair it with a PIN for added security. This versatile method can be used for both two-factor verification and password reset authentication. Keep in mind that availability might depend on your organization’s policies; if it is not available, choose an alternative method or reach out to your administrator.
- Security Questions: Respond to security questions created by your organization’s admins. This option is exclusively for password reset and not for two-step verification. Availability may vary based on your organization’s setup. If unavailable, choose an alternative method or contact your administrator.
- Sign-Out Everywhere: The Security info page offers a “Sign out Everywhere” option for added security. If you’ve lost a device or suspect it’s been compromised, use this option to prevent unauthorized access to your data. It logs your account out of all sessions and devices, including the one you’re using. Note that there might be a delay of up to an hour before the sign-out process is completed. If you have multiple accounts on the lost device, be sure to sign out of all of them.
How Managing and Changing Passwords Using Security Info is Beneficial to Admins?
While the primary goal of My Sign-Ins Security info is to empower end users to update passwords, it also relieves admins of the burden of handling frequent password reset requests. Additionally, it offers the following significant advantages for administrators:
1. Enhanced Control over Password Changes with Conditional Access Policies
- Admins can now enable Conditional Access registration policies specifically targeting My Security info.
- This enables admins to have greater control over the end user experience when it comes to password changes.
- By mandating users to authenticate with Multi-Factor Authentication (MFA) and satisfy Conditional Access policies, admins can ensure a secure password change process without requiring the user to enter their existing password.
- This capability allows admins to protect Security info registration with CA policies.
2. Streamlined Registration Process and Enhanced Security with Combined Registration
- Security info is now part of the managed mode of combined registration.
- Previously, users had to separately register authentication methods for Microsoft Entra multi-factor authentication and self-service password resets, leading to confusion.
- With combined registration, users only need to register once and can enjoy the benefits of both methods.
- This streamlines the registration process and reduces confusion for users, ultimately enhancing security.
- By empowering users to utilize Security info, admins can simplify the registration process and improve overall security. Additionally, they can effortlessly manage & monitor SSPR status and MFA status through this combined registration process.
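As an added example (not from the original post, AdminDroid, or Microsoft), the Python check below reads an exported list of Conditional Access policies and reports whether Security info registration, the subject of point 1 above, is actually covered by an enforced MFA requirement. The policy names and group ID in the sample are constructed; the field names follow the Microsoft Graph conditionalAccessPolicy resource, where the "Register security information" user action is `urn:user:registersecurityinfo`.

```python
import json

REGISTER_ACTION = "urn:user:registersecurityinfo"  # "Register security information" user action

# Constructed sample shaped like the output of GET /identity/conditionalAccess/policies.
SAMPLE_EXPORT = json.loads("""
{"value": [
 {"displayName": "MFA for all cloud apps", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["All"]},
                 "users": {"includeUsers": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Registration pilot", "state": "enabledForReportingButNotEnforced",
  "conditions": {"applications": {"includeUserActions": ["urn:user:registersecurityinfo"]},
                 "users": {"includeUsers": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Registration MFA or device", "state": "enabled",
  "conditions": {"applications": {"includeUserActions": ["urn:user:registersecurityinfo"]},
                 "users": {"includeUsers": ["All"], "excludeGroups": ["constructed-group-id"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}
]}
""")

def audit_policy(policy):
    """Return a list of gaps for one policy, or None if it does not target registration."""
    cond = policy.get("conditions") or {}
    apps = cond.get("applications") or {}
    if REGISTER_ACTION not in (apps.get("includeUserActions") or []):
        return None  # out of scope: policy is not a registration policy
    gaps = []
    if policy.get("state") != "enabled":
        gaps.append(f"not enforced (state={policy.get('state')})")
    users = cond.get("users") or {}
    if "All" not in (users.get("includeUsers") or []):
        gaps.append("does not include all users")
    excluded = sum(len(users.get(k) or []) for k in ("excludeUsers", "excludeGroups", "excludeRoles"))
    if excluded:
        gaps.append(f"{excluded} exclusion(s) to review")
    grant = policy.get("grantControls") or {}  # null for session-only policies
    controls = grant.get("builtInControls") or []
    alternatives = [c for c in controls if c != "mfa"]
    if "mfa" not in controls and not grant.get("authenticationStrength"):
        gaps.append("no MFA requirement")
    elif grant.get("operator") == "OR" and alternatives:
        gaps.append(f"MFA is optional: any one of {controls} satisfies the policy")
    return gaps

def audit_export(export):
    """Map policy name -> gaps for each policy that targets security info registration."""
    audited = ((p["displayName"], audit_policy(p)) for p in export.get("value", []))
    return {name: gaps for name, gaps in audited if gaps is not None}
```

An empty gap list means the policy is enforced, applies to all users without exclusions, and cannot be satisfied without MFA; exclusions are reported for review because emergency-access accounts are a common, legitimate reason for them.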
So far, we have explored the process of changing passwords using the My Sign-Ins Security info page. Even so, users may still end up with easily guessable passwords, putting your organization’s security at risk. But don’t worry, admins, we have a powerful solution for you!
Meet AdminDroid Microsoft 365 Reporter – your watchful guardian, offering a bird’s-eye view of all password changes within your organization. Without delay, let’s explore what AdminDroid offers for efficient Microsoft 365 password management.
Elevate Your Password Security with AdminDroid Free Reports
AdminDroid Microsoft 365 password reports offer enriched insights on password policies, password expiration dates, users with passwords set to never expire, and more. These detailed insights empower administrators to closely monitor password activities, thereby preventing account lockouts.
Beyond comprehensive password reports, AdminDroid’s Azure AD auditing tool also offers valuable insights into various facets of Microsoft 365. This includes user logins, admin role modifications, application usage, group activities, and configuration settings.
In addition, AdminDroid’s Free Azure AD reporting tool unlocks over 120 insightful reports, elevating your visibility into Microsoft Entra (formerly known as Azure AD). These reports provide detailed insights into Microsoft 365 users, groups, MFA, license usage, external users, admins, etc., all within the Free edition of AdminDroid for enhanced Azure AD management.
AdminDroid isn’t just your solution provider for Microsoft Entra; it’s a comprehensive solution for your entire Microsoft 365 ecosystem. AdminDroid offers 1800+ comprehensive reports and 30+ compelling dashboards covering various Microsoft services, including Exchange Online, MS Teams, SharePoint Online, OneDrive, Viva Engage (Yammer), Power BI, and Stream. AdminDroid’s impressive features, including rapid alerting, scheduling, precise delegation, and advanced customization filters, position it as the ultimate solution for your Microsoft 365 reporting and auditing needs.
Why wait any longer? Head to the AdminDroid download button and start your 15-day free trial for effortless Microsoft 365 administration.
As administrators of Microsoft 365, it’s vital to empower your organization’s users to take charge of their account security by actively managing strong Microsoft 365 passwords. In addition, enabling the self-service password reset option provided by Microsoft is a win-win solution—it not only reduces the burden on the help desk but also enhances security while providing users with convenience.
We hope this blog has provided insights into managing and changing passwords using Microsoft Security info. If you have any questions or need further assistance, please don’t hesitate to reach out to us in the comments section.