Padlock trapped in a looping arrow maze
If Microsoft two-factor authentication (2FA) keeps looping, rejecting a correct code, or bouncing you back to the sign-in page on Windows, don’t assume your account is broken. Very often it’s the browser session failing to “stick” because of cookies, tracking protection, or an extension that interferes with the sign-in flow.

Most fixes are browser-specific, so this guide is organized that way.

Before you start: if you can, keep one signed-in device available (phone Microsoft Authenticator, a backup email, or a recovery code). Avoid making lots of security changes while you’re locked out.

1. Confirm it’s a browser issue (quick cross-check)

Do a fast test so you don’t spend an hour in the wrong place.

  • Try the same sign-in in a different browser (Chrome ↔ Firefox ↔ Edge).
  • Try a Private/Incognito window (this disables many extensions by default).
  • Try a different network if possible (mobile hotspot is enough for a test).

If it works in another browser or in a private window, you’re dealing with cookies/site data, tracking protection, or extensions in the original browser.

Cookie and shield symbolizing blocked sign-in cookies

2. Chrome (Windows): allow cookies for Microsoft sign-in and disable “privacy” breaks

Chrome sign-in loops are usually cookie or “third-party cookie” related, especially if you have stricter privacy settings.

  • Open Settings → Privacy and security → Third-party cookies.
  • Temporarily set to Allow third-party cookies (just for the sign-in test), or add site exceptions.
  • Add exceptions for Microsoft sign-in endpoints you’re using, such as login.live.com, account.microsoft.com, and the app site you’re signing into (for example outlook.office.com).

If you don’t want to change global cookie settings, try this narrower reset:

  • Go to Settings → Privacy and security → Site settings → View permissions and data stored across sites.
  • Search “microsoft”, “live”, and “login” and remove only those entries.

Then close all Chrome windows and try again.

If you use extensions that block scripts/cookies (ad blockers, privacy blockers, anti-trackers), disable them for the sign-in page and retry. In Chrome, even one extension can break the handoff between the code entry page and the final redirect back to your account.

3. Firefox (Windows): adjust Enhanced Tracking Protection for Microsoft pages

Firefox is more likely to block parts of the sign-in flow when Enhanced Tracking Protection is set to Strict, or when “Total Cookie Protection” isolates cookies in a way the flow doesn’t expect.

  • On the Microsoft sign-in page, click the shield icon near the address bar.
  • Toggle Enhanced Tracking Protection off for that site (just as a test).
  • Reload the page and sign in again.

If that fixes it, keep protection on globally and only allow an exception for Microsoft sign-in pages you trust.

Next, clear only the relevant site data (not your whole browser):

  • Go to Settings → Privacy & Security → Cookies and Site Data → Manage Data.
  • Search for “microsoft”, “live”, “office”, and remove those entries.

Also check whether Firefox is set to clear cookies on exit (which can cause repeated prompts):

  • Settings → Privacy & Security → History
  • If using “Custom settings”, review Clear history when Firefox closes.

4. Edge (Windows): Tracking prevention and “strict” settings can block the redirect

Edge uses a Chromium base like Chrome, but Edge’s Tracking prevention and Microsoft account integration can create their own quirks.

  • Open Settings → Privacy, search, and services.
  • Set Tracking prevention to Balanced (temporarily test; you can return to Strict after).
  • Turn off Block third-party cookies just long enough to complete sign-in, if it’s enabled.

If you’re signing into a work/school account, also confirm you’re in the right profile and not mixing accounts across profiles (a common cause of “looping” between two identities).

Toggle switches and broken link chain for extensions

5. Fix the most common culprit: extensions (ad blockers, script blockers, password tools)

When the 2FA code is correct but you land back on the login page, something often prevented Microsoft from setting or reading the session cookie.

  • Temporarily disable ad blockers and privacy extensions (uBlock, AdGuard, Ghostery, Privacy Badger, script blockers).
  • Temporarily disable “security” extensions that inspect pages or strip parameters.
  • If you use a password manager extension, try disabling it just for the sign-in attempt (some inject scripts into the login form).

After you identify the extension, prefer allowlisting Microsoft sign-in pages rather than leaving protections off globally.

6. Check Windows time and the 2FA method (small mismatch, big failures)

This sounds unrelated, but it matters more than people expect.

  • Go to Settings → Time & language → Date & time and enable Set time automatically.
  • Click Sync now.

If you’re using time-based one-time passwords (TOTP) from an authenticator app, an incorrect system clock can make codes appear “wrong” even when you typed them perfectly.

7. If it only fails in one browser: create a clean sign-in session (without nuking everything)

If you’ve confirmed the issue is browser-specific, do the smallest “clean slate” that usually works:

  • Create a new browser profile (Chrome/Edge) or a new Firefox profile, then try signing in there.
  • Or use a private window plus temporarily allowing cookies for the sign-in.
  • After you’re signed in successfully, you can move bookmarks/settings later and keep the clean profile for Microsoft accounts.

This avoids deleting all your history/passwords while still removing the broken sign-in state.

Final thoughts

On Windows, Microsoft 2FA issues that look like “wrong code” are often a browser session problem: cookies blocked, redirects filtered, or extensions interfering.

If you get it working in a private window or another browser, focus on site cookie settings, tracking prevention, and extension allowlists rather than changing your account security settings in a hurry.