You may need an app password to connect Outlook to your Microsoft account when two-factor authentication is on. This is a unique code for less secure apps that cannot handle the standard login prompt. This article explains how to find, create, and remove these passwords in your account security settings.
Key Takeaways: Managing Outlook App Passwords
- Security > Advanced security options > App passwords: This is the primary menu path in your Microsoft account to view and generate new app passwords.
- App password generation form: You must name the password for a specific device or app, like “Outlook Desktop PC,” before it is created.
- Password list with delete option: Each generated app password is listed with its creation date and a button to revoke it immediately.
Understanding App Passwords for Microsoft Accounts
App passwords are 16-character codes that let older or non-browser applications access your Microsoft account. They are required when you have two-step verification turned on. Standard modern apps use secure OAuth2 tokens, but some email clients need this older method.
You only need an app password for Outlook if you are setting up an account that uses two-factor authentication. This often applies to personal Outlook.com, Hotmail, or Live.com accounts added to the Outlook desktop app or mobile mail clients. Work or school accounts from an organization typically use modern authentication and do not need app passwords.
Where App Passwords Are Stored and Used
These passwords are managed solely within your Microsoft account security portal. They are not stored in Outlook itself. When you set up an email account, you enter the app password once. Outlook keeps it in its encrypted credential store. If you lose the password, you must generate a new one in the portal and update Outlook.
Steps to Create and View App Passwords
You must be signed into your Microsoft account in a web browser. Ensure two-step verification is already enabled in your security settings, as the app passwords option will not appear without it.
- Navigate to Security Settings
Go to account.microsoft.com and sign in. Click on your profile picture, then select “My Microsoft account.” In the top navigation bar, click on “Security.” - Access Advanced Security Options
On the Security page, find the “Advanced security options” section. Click on the link labeled “Get started” or “View all” within that section. - Find the App Passwords Menu
In the advanced security dashboard, look for a section or tab named “App passwords.” It may be under “Additional security” or a similar heading. Click on it. - Create a New App Password
You will see a button that says “Create a new app password” or “Add.” Click it. A form will appear asking you to name this password. Enter a descriptive name, such as “Outlook on Laptop,” and click “Next” or “Create.” - Copy the Generated Password
A new 16-character password will appear on the screen. Copy it immediately. You will not see this password again. Use it in place of your regular account password when setting up your email in Outlook.
Viewing Your Existing App Passwords
On the same “App passwords” page, you will see a list of all passwords you have created. Each entry shows the name you gave it and the date it was created. The full password is never shown again for security reasons.
Common Mistakes and Limitations to Avoid
App Passwords Option Is Missing
If you cannot find the app passwords menu, two-step verification is likely not active. Go to Security > Two-step verification and turn it on. The app passwords link will appear shortly after in the advanced security options.
Outlook Still Rejects the App Password
Ensure you copied the entire 16-character code without spaces. If it fails, generate a new app password, delete the email account from Outlook, and add it again using the fresh code. Do not mix your main account password with an app password.
Managing Too Many Old Passwords
Each app password remains valid until you delete it. If you have many old entries for devices you no longer use, revoke them. On the app passwords list, find the entry and click the “Remove” or “Delete” button next to it. This instantly invalidates that password.
App Passwords vs Modern Authentication in Outlook
| Item | App Passwords | Modern Authentication (OAuth2) |
|---|---|---|
| Authentication Method | Static 16-character password | Dynamic token with expiry |
| Security Level | Less secure, single factor for the app | More secure, uses the second factor each time |
| User Experience | Enter once during setup | May prompt for sign-in periodically |
| Primary Use Case | Legacy email clients with 2FA-enabled personal accounts | Outlook for Microsoft 365, Outlook 2016 or later, mobile apps |
| Management Location | Microsoft account security portal | Integrated into app or company identity provider |
You can now securely generate app passwords for Outlook when two-factor authentication blocks standard login. Check your account’s advanced security options to view or revoke existing codes. For better security on newer versions of Outlook, consider using modern authentication instead. A useful tip is to name each password after the specific device and app to make future management easier.