Why Two-Factor Prompts Loop When Signing In on Windows 11

Quick fix: 2FA loops on Windows 11 sign-in usually mean Microsoft Authenticator can’t reach Microsoft servers, time on PC is off, or trusted device flag has been reset. Fix: ensure PC time correct (Settings → Time & language → Set time automatically). Approve from Authenticator. Tick “Stay signed in” on first successful auth. For chronic loops: account.microsoft.com/security → manage Trusted devices → re-add.

Two-factor auth (2FA) for Windows sign-in: enter password → approve push on Authenticator. Loops happen when the approval doesn’t register or PC repeatedly forgets trust. Often a time-sync, trusted-device, or app sign-in issue.

What causes this

2FA requires:

• Microsoft Authenticator (or other 2FA method).
• Time sync between PC and Microsoft server.
• Network connectivity.
• Trusted device flag set (to avoid prompting on every sign-in).

Loops happen when one or more of these fails repeatedly.

Method 1: Verify time and basic settings

The first step.

1. Open Settings → Time & language → Date & time.
2. Verify time is accurate. If off by more than 5 minutes: 2FA fails.
3. Toggle Set time automatically on.
4. Click Sync now.
5. For specific time zone: also set Set time zone automatically.
6. For corporate / unique time: contact IT for time server config.
7. Open Settings → Accounts → Your info. Sign-in status should be active.
8. For corporate accounts: check via Settings → Accounts → Access work or school.

This is the basic check.

Method 2: Manage trusted devices on Microsoft account

For trusted device issues.

1. Open browser → account.microsoft.com/security.
2. Sign in with Microsoft account.
3. Click Advanced security options.
4. Scroll to Trusted devices.
5. Look for your Windows PC. Should show as Trusted.
6. If not listed or showing as Untrusted: remove and re-add.
7. Click Remove all the trusted devices associated with my account.
8. This requires re-trusting on each device.
9. Sign in to Windows; tick Stay signed in or Don’t ask for 30 days.
10. Approve 2FA via Authenticator.
11. Device added back to Trusted list.
12. 2FA shouldn’t prompt again for 30+ days.

This is the trusted-device fix.

Method 3: Re-pair Microsoft Authenticator

For Authenticator app issues.

1. If push approval doesn’t register or Authenticator is broken:
2. On phone: open Microsoft Authenticator.
3. Find your Microsoft account. Tap. Pick Remove account.
4. Confirm.
5. Visit account.microsoft.com/security → Advanced security options → Authenticator app → Remove.
6. Re-add: same page, click Add a new way to sign in → pick Authenticator app.
7. Scan QR code with Microsoft Authenticator.
8. Test by signing in.
9. For alternative 2FA: use SMS, email, security key. Configure under same Advanced security options page.
10. For SMS: ensure phone number is current.
11. For backup codes: download for emergency access.
12. For Windows Hello + 2FA: Hello works as separate factor.

This is the re-pair route.

How to verify the fix worked

• Sign out and back in. 2FA prompts once, doesn’t loop.
• Approval via Authenticator succeeds.
• Subsequent sign-ins on same device: 2FA skipped for trusted period.
• Microsoft account security page shows device as Trusted.

If none of these work

If loop persists: Browser-side issue: clear browser cache, cookies. For Edge specifically: edge://settings/reset → reset. For corrupt Microsoft account credential: Settings → Accounts → remove account → re-add. For chronic 2FA loops: account password reset. Visit account.microsoft.com → Security → change password. For Windows Hello with biometric: separate auth. Switch to PIN-only temporarily. For corporate accounts with conditional access: IT may force 2FA every sign-in. Contact IT. For Authenticator notifications not arriving: phone notification settings; ensure not in Do Not Disturb. For new phone: re-register Authenticator on new device. Last resort: disable 2FA: account.microsoft.com/security → Turn off. Reduces security but stops loops.

Bottom line: Time/date correct first. Tick “Stay signed in” or “Don’t ask for 30 days.” Manage Trusted devices at account.microsoft.com/security. Re-pair Authenticator if app-side issue.