# πŸ‘€ Accounts & 2FA Setup **Add your Microsoft accounts with secure TOTP authentication** --- ## πŸ“ Quick Start ### Basic Setup (No 2FA) **Edit** `src/accounts.json`: ```json { "accounts": [ { "email": "your@email.com", "password": "your_password", "recoveryEmail": "backup@email.com" } ] } ``` > ℹ️ `recoveryEmail` is **mandatory**. It lets the bot verify Microsoft’s masked hint during login and alert you if the recovery address ever changes. **That's it!** Run `npm start` to test. --- ## πŸ” Add 2FA/TOTP (Recommended) ### Why Use TOTP? - βœ… **Automated login** β€” No manual code entry - βœ… **More secure** β€” Better than SMS - βœ… **Works 24/7** β€” Scheduler-friendly ### How to Get Your TOTP Secret 1. **Open** https://account.live.com/proofs/Manage/additional (Security β†’ Advanced security options β†’ Additional security). 2. Enable two-step verification and click **Next** until you see the setup wizard. 3. Click the blue link **"Set up a different authenticator app"**. 4. On the next screen click **"I can't scan the bar code"** to reveal the Base32 secret. 5. Scan the QR with your preferred authenticator (Google Authenticator recommended to keep data separate from Microsoft) **and** copy the secret: - The same secret can stay in your app and be saved in this file (multiple authenticators can share it). 6. Enter the 6-digit code in Microsoft’s wizard to finish pairing. 7. **Add the secret to** `accounts.json`: ```json { "accounts": [ { "email": "your@email.com", "password": "your_password", "recoveryEmail": "backup@email.com", "totp": "JBSWY3DPEHPK3PXP" } ] } ``` --- ## 🎯 Multiple Accounts ```json { "accounts": [ { "email": "account1@email.com", "password": "password1", "recoveryEmail": "backup1@email.com", "totp": "SECRET1" }, { "email": "account2@email.com", "password": "password2", "recoveryEmail": "backup2@email.com", "totp": "SECRET2" } ] } ``` --- ## 🌐 Per-Account Proxy (Optional) ```json { "accounts": [ { "email": "your@email.com", "password": "password", "recoveryEmail": "backup@email.com", "totp": "", "proxy": { "proxyAxios": true, "url": "proxy.example.com", "port": 8080, "username": "proxyuser", "password": "proxypass" } } ] } ``` β†’ **[Full Proxy Guide](./proxy.md)** --- ## πŸ”’ Environment Variables (Docker/CI) ### Option 1: File Path ```bash export ACCOUNTS_FILE=/path/to/accounts.json ``` ### Option 2: Inline JSON ```bash export ACCOUNTS_JSON='{"accounts":[{"email":"test@example.com","password":"pass"}]}' ``` --- ## πŸ› οΈ Troubleshooting | Problem | Solution | |---------|----------| | **"accounts.json not found"** | Create file or set `ACCOUNTS_FILE` env var | | **"2FA prompt not auto-filled"** | Check TOTP secret is valid Base32 | | **"Invalid TOTP"** | Verify system time is correct | | **"Account locked"** | Manually unlock in Microsoft Account | | **"Login timeout"** | Check internet connection, try proxy | ### 2FA Not Working? 1. **Check secret format** β€” Should be Base32 (only letters/numbers, no spaces) 2. **Verify system time** β€” Must be accurate (NTP sync) 3. **Test manually** β€” Use authenticator app to verify code works 4. **Remove backup codes** β€” Some security settings block TOTP --- ## πŸ”’ Security Tips - πŸ” **Use strong passwords** β€” Unique for each account - πŸ”‘ **Enable TOTP** β€” More secure than SMS - πŸ“ **Restrict file permissions** β€” `chmod 600 accounts.json` (Linux) - πŸ”„ **Rotate passwords** β€” Change every 90 days - 🚫 **Never commit** β€” Add `accounts.json` to `.gitignore` --- ## πŸ“š Next Steps **TOTP setup?** β†’ **[Security Guide](./security.md)** for best practices **Ready for automation?** β†’ **[Scheduler Setup](./schedule.md)** **Need proxies?** β†’ **[Proxy Guide](./proxy.md)** --- **[← Back to Hub](./index.md)** | **[Getting Started](./getting-started.md)**