It can be super frustrating when you’re trying to connect an app to your Outlook 365 email and it just won’t accept your usual password, especially when you’ve got multi-factor authentication (MFA) turned on. Many times, the fix for this head-scratcher is something called an app password. This special, one-time code lets older or specific applications that don’t quite “get” modern authentication methods (like MFA prompts) securely access your Microsoft 365 account. Think of it as a bridge for these apps to safely cross into your protected email.
In this guide, we’re going to break down everything you need to know about app passwords for Outlook 365 and Microsoft 365 accounts. We’ll walk through what they are, why they’re so handy, how to create them, and even what to do if things go a little sideways. Our goal is to make sure you can connect all your essential tools without compromising your security. By the end of this, you’ll be a pro at managing your digital access, keeping your information locked down. And if you’re like me, always on the hunt for the best ways to keep your online life secure and organized, you might want to check out a password manager to help manage all those unique passwords. It’s a must for keeping everything in one secure place!
What Exactly is an App Password and Why Do You Need One for Outlook 365?
So, you’ve probably heard of multi-factor authentication (MFA) or two-step verification, right? It’s that extra layer of security that asks for more than just your password when you log in—like a code from your phone or a fingerprint scan. It’s a fantastic way to keep your account safe from bad actors. Microsoft pushes hard for MFA, and for good reason: cyber threats are a real deal, with millions of fraudulent attempts to access Microsoft cloud services daily, and weak or stolen passwords are behind about 80% of data breaches.
But here’s the catch: not every app or device is savvy enough to handle those extra verification steps. Some older email clients, certain mobile apps, or even devices like network scanners or printers that need to send emails just don’t understand how to deal with an MFA prompt. That’s where an app password comes in.
An app password is a special, automatically generated, long string of characters (usually 16, consisting of random letters and numbers) that you create specifically for one of these “less-modern” applications. Instead of your regular password, you use this app password to log in to that particular app or device. The beauty of it is that once you enter the app password, it bypasses the MFA prompt for that specific application, allowing it to connect to your Outlook 365 or Microsoft 365 account securely.
Think of it this way: your regular password, protected by MFA, is like your main house key with a complex alarm system. An app password is like a special, single-use key that lets the gardener (an older app) into the shed (your email account) without needing to disarm the whole house alarm every time. It keeps your main security intact while still granting necessary access.
Key takeaways:
- App passwords are for applications or devices that don’t support modern authentication (i.e., they can’t handle an MFA prompt).
- They act as a substitute for your regular password in these specific scenarios, allowing secure access without triggering MFA.
- They’re randomly generated and usually 16 characters long.
- You typically only need to enter them once per application or device.
This might sound a bit complex, but it’s really about maintaining a high level of security across all your digital touchpoints, even the older ones.
When to Use an App Password for Office 365
It’s pretty common for folks to wonder when they actually need an app password. After all, isn’t the whole point of MFA to use your regular password with an extra step? Well, yes, but some situations just don’t play by those rules. You’ll typically find yourself needing an app password for your Microsoft 365 account when you’re dealing with applications or devices that can’t handle the interactive nature of multi-factor authentication.
Here are the most common scenarios where an app password becomes your go-to solution:
- Older Email Clients and Non-Microsoft Applications: If you’re still rocking an older version of Outlook (like Outlook 2010 or earlier) or using a third-party email client such as Apple Mail (before iOS 11), Thunderbird, or the native mail app on some Android devices, you’ll likely need an app password. These applications don’t always understand the “pause” in the login process that MFA introduces, so they can’t complete the sign-in. The modern Outlook app on mobile devices, for example, usually supports modern authentication, so you typically won’t need an app password for that.
- Devices That Don’t Prompt for MFA: Think about devices that send emails, but aren’t full-blown computers, like:
  - Printers or Scanners for “Scan to Email”: Many office printers or multifunction devices have a “scan to email” feature. If these devices are configured to send emails using your Office 365 SMTP server, and your account has MFA enabled, they’ll need an app password.
  - Legacy Business Applications: Some line-of-business applications, monitoring tools, or ticketing systems might need to send email alerts. If they use SMTP for this and don’t support modern authentication, an app password is the answer.
- SMTP, POP, and IMAP Configurations: When you’re manually configuring email settings for your Office 365 email account using protocols like SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol), or IMAP (Internet Message Access Protocol), and MFA is active, your regular password won’t cut it. You’ll need an app password for the password field in these settings. This is particularly true for “app password for office 365 smtp server” scenarios, where sending emails through smtp.office365.com will require this special password.
- Specific Integrations: Occasionally, you might encounter a web service or application that needs to integrate with your Microsoft 365 account but uses an older authentication method. An app password provides a secure way to establish that connection without exposing your primary password.
It’s crucial to remember that app passwords are a workaround for a specific compatibility issue. If an application does support modern authentication, you should absolutely use that instead. Modern authentication offers a more robust and seamless security experience.
How to Create an App Password for Your Microsoft 365 Account (Step-by-Step Guide)
Ready to generate an app password for your Microsoft 365 account? It’s a fairly straightforward process, but there are a couple of prerequisites and important notes to keep in mind.
Prerequisites:
- Multi-Factor Authentication (MFA) Must Be Enabled: This is non-negotiable. App passwords are only necessary (and only an option) if MFA is active on your Microsoft 365 account. If it’s not, you’ll just use your regular password everywhere. If you don’t see the option to create app passwords, it’s often because MFA isn’t enabled or your administrator hasn’t allowed users to create them.
- Admin Permissions (Sometimes): While individual users can usually create their own app passwords, in some organizational settings, an admin might need to allow users to create app passwords first, especially if they’re managing MFA settings at an organizational level.
Now, let’s get into the steps to create an app password for Outlook 365 or your broader Microsoft 365 account:
Step 1: Sign in to Your Microsoft Account
Open your web browser and navigate to your Microsoft account’s security page. You can often get there by going to https://myaccount.microsoft.com/ or https://aka.ms/SetupMFA. Sign in with your regular Microsoft 365 email address and password. If MFA is enabled, you’ll complete your usual second verification step (e.g., approving a notification on your phone or entering a code).
Step 2: Navigate to Security Info or Security & Privacy
Once logged in:
- Look for your profile picture or initials in the top right corner. Click on it, then select “View account” or “My Account.”
- In the navigation menu on the left, you’ll typically find an option called “Security info” or “Security & privacy.” Click on that.
- Under “Security info,” you might see “Additional security verification” or similar. Click on it.
Step 3: Find and Create a New App Password
On the “Additional security verification” or “Security info” page, you’re looking for the section related to app passwords.
- You might see a heading like “App passwords” or an option to “Create and manage app passwords.”
- Click on “Add method” or “Create” to generate a new app password.
- The system might prompt you to give this new app password a name. This is a good practice! Name it something descriptive, like “Outlook 2010 on Desktop,” “iPhone Mail App,” or “Office 365 SMTP Scanner.” This helps you remember which app uses which password. Then click “Next” or “Add.”
Step 4: Copy and Save Your App Password
- A new, randomly generated app password will appear on your screen. This is your one chance to see it! Make sure you copy this password to your clipboard immediately. You won’t be able to retrieve it again later.
- Microsoft often provides a “Copy password to clipboard” button, so use that to avoid typos.
- Once copied, click “Done” or “Close.”
Important Considerations:
- Don’t Memorize It: You’re not meant to remember this password. It’s a long string designed for machines, not humans.
- Store It Securely: Paste it directly into the application you intend to use it with. If you need to keep it for future reference (e.g., if you’re setting up a device later), paste it into a secure note within a reliable password manager. Never email it to yourself or store it in an unencrypted document!
- One per App/Device (Ideally): While you can reuse an app password for multiple apps, it’s generally a better security practice to create a unique one for each application or device that needs it. This makes it easier to revoke access if one specific app or device is lost or compromised.
- Takes a Few Minutes: Sometimes, it might take 20-30 minutes for a newly created app password to become fully active.
Once you have that shiny new app password, you’re ready to use it!
Using Your App Password with Outlook 365 (and other applications)
You’ve got your app password ready to go. Now, the big question: where do you actually put this thing? The key is to use it wherever the application asks for your password, not your regular one, but the specific app password you just generated.
Here’s how you’d typically use it across different scenarios:
1. For Desktop Mail Clients (e.g., Older Outlook Versions, Thunderbird, Apple Mail)
If you’re setting up a new account or updating password information in an email client that doesn’t support modern authentication:
- Open the email client (e.g., Outlook 2010/2013/2016, Apple Mail, Thunderbird).
- Go to the account settings or the “Add Account” wizard.
- When prompted for your email address, enter your full Microsoft 365 email address.
- When it asks for your password, paste the app password you copied earlier into that field.
- Complete any remaining setup steps. You might need to restart the application for the changes to take effect.
Example for Outlook Desktop App (Older Versions):
- In Outlook, click File.
- Under “Info,” click Account Settings, then Account Settings again.
- On the “Email” tab, select your Microsoft 365 account and click Change.
- In the password field, paste your app password instead of your regular one.
- Click Next and then Finish. You might need to restart Outlook.
2. For Mobile Apps (e.g., Native Mail Apps on iPhone/Android)
If you’re using the native Mail app on your smartphone and it doesn’t support modern auth for your Microsoft 365 account (which can happen with older setups or specific devices):
- Go to your phone’s Settings app.
- Find Accounts or Mail, Contacts, Calendars.
- Select your existing Microsoft 365 account, or choose to Add Account.
- When prompted for the password, paste your app password there.
- Save the settings.
3. For SMTP, POP, or IMAP Configurations (e.g., Printers, Scanners, Business Applications)
This is a common scenario for “app password for office 365 smtp server” or “create app password for office 365 smtp server.”
- Access the settings for your device or application (e.g., the web interface for your printer, the configuration panel for your business software).
- Locate the email or SMTP settings.
- You’ll typically need to enter the following details:
  - SMTP Server: smtp.office365.com
  - Port: 587 with TLS/STARTTLS encryption
  - Username: Your full Office 365 email address.
  - Password: Paste your app password here.
- For POP3 or IMAP settings, use outlook.office365.com as the incoming mail server, with port 995 (SSL/TLS) for POP3 or 993 (SSL/TLS) for IMAP4.
Troubleshooting Tip: If your app password isn’t working right away, double-check that you copied it correctly. Sometimes, an extra space at the beginning or end can cause issues. Also, remember that it can take a few minutes (up to 20-30 minutes) for a newly generated app password to become active. If you’re encountering persistent errors, it might also be that the application you’re trying to connect does support modern authentication, and you shouldn’t be using an app password at all.
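A pre-flight check and test send for the SMTP settings listed above, as an added example that is not part of the original guide. The environment variable names (O365_USER, O365_APP_PASSWORD, O365_TEST_RCPT) and the helper function names are assumptions made for this sketch; the app password is read from the environment so it never sits in the script.

```python
import os
import smtplib
import ssl
import sys
from email.message import EmailMessage

# Values from the guide above.
SMTP_HOST = "smtp.office365.com"
SMTP_PORT = 587      # STARTTLS port
USUAL_LENGTH = 16    # the guide says app passwords are "usually 16" characters


def check_settings(host, port, username, app_password):
    """Return a list of problems with the device settings (empty list = looks fine)."""
    problems = []
    if host.strip().lower() != SMTP_HOST:
        problems.append(f"SMTP server should be {SMTP_HOST}, got {host!r}")
    if int(port) != SMTP_PORT:
        problems.append(f"port should be {SMTP_PORT} with STARTTLS, got {port}")
    if "@" not in username:
        problems.append("username must be the full email address")
    if app_password != app_password.strip():
        problems.append("app password has a leading or trailing space")
    if len(app_password.strip()) != USUAL_LENGTH:
        problems.append(f"app password is not {USUAL_LENGTH} characters; check the copy")
    return problems


def explain_failure(exc):
    """Map a send failure to the troubleshooting items the guide lists."""
    if isinstance(exc, smtplib.SMTPAuthenticationError):
        return ("login rejected: re-copy the app password, wait 20-30 minutes if it "
                "is new, and ask an admin whether SMTP AUTH is enabled for the mailbox")
    if isinstance(exc, smtplib.SMTPNotSupportedError):
        return "server did not offer STARTTLS or AUTH; credentials were not sent"
    if isinstance(exc, smtplib.SMTPException):
        return f"SMTP error: {exc}"
    return "could not reach the server: check host, port and firewall"


def send_test_message(username, app_password, recipient, timeout=30):
    """Send one test message the way a scanner or legacy app would."""
    msg = EmailMessage()
    msg["From"], msg["To"] = username, recipient
    msg["Subject"] = "App password SMTP test"
    msg.set_content("Sent with an app password over STARTTLS.")
    context = ssl.create_default_context()  # verifies certificate and hostname
    with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=timeout) as smtp:
        smtp.starttls(context=context)      # raises if STARTTLS is unavailable
        smtp.login(username, app_password)  # only reached once TLS is active
        smtp.send_message(msg)


if __name__ == "__main__":
    user = os.environ.get("O365_USER", "")
    secret = os.environ.get("O365_APP_PASSWORD", "")
    rcpt = os.environ.get("O365_TEST_RCPT", user)
    issues = check_settings(SMTP_HOST, SMTP_PORT, user, secret)
    if issues:
        sys.exit("fix before sending:\n- " + "\n- ".join(issues))
    try:
        send_test_message(user, secret.strip(), rcpt)
        print("test message accepted by", SMTP_HOST)
    except OSError as exc:  # smtplib errors are OSError subclasses
        sys.exit(explain_failure(exc))
```

Running the settings check before the first send catches the copy-and-paste mistakes described in the troubleshooting tip without generating failed sign-ins against the account.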
Managing and Revoking App Passwords in Office 365
Just like any other security credential, app passwords need to be managed effectively. While they offer a convenient way to bridge the gap for older applications, it’s just as important to know how to revoke them when they’re no longer needed or if you suspect they’ve been compromised.
Why would you need to revoke an app password?
- Lost or Stolen Device: If a device where you used an app password (like an old phone or a laptop) goes missing or is stolen, you’ll want to revoke its associated app password immediately to prevent unauthorized access.
- No Longer Using an Application: If you stop using a particular email client or application that relied on an app password, it’s good practice to revoke that password. Why keep a door open if you’re not using it anymore?
- Suspicious Activity: If you notice any unusual activity related to your Microsoft 365 account, revoking all app passwords can be a quick way to shut down potential unauthorized access points.
- Password Reset/Compromise: While app passwords are not automatically revoked when your primary account password is reset, it’s a good idea to revoke and create new ones if you suspect your main password was compromised.
How to Revoke Existing App Passwords:
The process for revoking app passwords is very similar to how you create them.
- Sign In to Your Microsoft Account: Go back to your Microsoft account’s security page: https://myaccount.microsoft.com/ and sign in with your usual credentials, completing any MFA prompts.
- Navigate to Security Info: Just like when you created it, find “Security info” or “Security & privacy” in the left-hand menu.
- Manage App Passwords: Click on “Additional security verification” or the “App passwords” section.
- Delete the Desired App Password: You’ll see a list of all the app passwords you’ve created, often with the names you assigned them.
  - Locate the app password you want to revoke.
  - Next to it, you should see a Delete or Revoke option (often represented by a trash can icon or an “x”). Click on this.
  - Confirm your decision if prompted.
- Done! The app password is now revoked. The application or device that was using it will no longer be able to connect to your Microsoft 365 account, and it will likely prompt you for new credentials or fail to connect.
Admin-Managed Revocation:
If you’re an administrator, you also have the ability to revoke app passwords for other users in your organization through the Microsoft 365 admin center. You can go to Users > Active users, select the users, and choose Manage multi-factor authentication. From there, you can select “Delete all existing app passwords generated by selected users” and save the changes.
What if You Can’t Generate an App Password? Troubleshooting Common Issues
It can be super frustrating when you’re following the steps to create an app password and the option just isn’t there, or it’s not working. Don’t worry, you’re not alone. Several common reasons can prevent you from generating or using an app password for your Office 365 or Microsoft 365 account. Here’s a rundown of what to check:
- MFA Not Enabled or Enforced for Your Account:
  - The biggest reason: App passwords are a direct consequence of having multi-factor authentication (MFA) turned on. If your account doesn’t have MFA enabled, you won’t see the option to create app passwords. Why? Because you wouldn’t need one – your regular password would work just fine everywhere.
  - Solution: Make sure MFA is fully enabled and, ideally, enforced for your user account. This might involve an administrator’s help if it’s an organizational account.
- Admin Disabled the Feature:
  - In organizational settings, IT administrators have control over many security features. They might have explicitly disabled the ability for users to create app passwords through the Azure portal’s Multi-Factor Authentication settings.
  - Solution: If you suspect this is the case, you’ll need to contact your IT administrator. They can check the settings in the Microsoft Entra admin center (formerly Azure AD) under “Multifactor authentication” and ensure “Allow users to create app passwords to sign in to non-browser apps” is selected.
- Using a Personal vs. Organizational Account:
  - The steps and available options can sometimes differ slightly between a personal Microsoft account (like an Outlook.com email) and a work/school account (Office 365 or Microsoft 365). Ensure you’re logging into the correct portal and following the appropriate steps for your account type.
- Incorrect Login Portal or Navigation:
  - Sometimes, it’s as simple as being on the wrong page. Double-check that you’re signing into https://myaccount.microsoft.com/ and navigating through “Security info” or “Security & privacy” to “Additional security verification” or directly to the “App passwords” section.
- Modern Authentication is Fully Supported and Enforced:
  - Here’s a subtle but important point: App passwords are for applications that don’t support modern authentication. If an application (like a newer version of Outlook desktop) fully supports modern authentication, it won’t ask for an app password because it can handle the regular MFA flow. In fact, app passwords don’t work for accounts that require modern authentication.
  - Solution: If you’re trying to use an app password with a modern client and it’s failing, it’s likely because that client expects modern authentication (OAuth 2.0). Try logging in with your regular password and completing the MFA prompt. Microsoft is actively moving away from basic authentication (which app passwords rely on) towards modern authentication.
- SMTP AUTH is Disabled (for SMTP-related issues):
  - If you’re trying to send email from a device via SMTP and the app password isn’t working, it could be that authenticated SMTP (SMTP AUTH) is disabled for your mailbox in Microsoft 365. This is often disabled by default for security reasons.
  - Solution: An administrator would need to enable SMTP AUTH for your specific mailbox in the Microsoft 365 Admin Center or Exchange Admin Center.
- Temporary Delays:
  - Rarely, it can take a few minutes (up to 20-30) for a newly generated app password to become fully active in the system. If you just created it, give it a little time.
If you’ve checked all these points and are still stuck, it’s usually time to reach out to your IT support team or Microsoft Support. They can look into specific account settings that might be blocking the feature.
App Passwords vs. Modern Authentication: Understanding the Difference
This can get a bit confusing, so let’s clear up the air between app passwords and modern authentication. They both deal with getting into your Microsoft 365 account, but they do it in fundamentally different ways and are meant for different scenarios.
What is Modern Authentication (OAuth 2.0)?
Modern authentication is essentially the smart, secure, and user-friendly way to log into your Microsoft 365 services today. It uses an industry-standard protocol called OAuth 2.0 (Open Authorization).
Here’s how it generally works:
- When you log into an application (like the latest Outlook desktop app, Outlook on the web, or Microsoft Teams) that supports modern authentication, it doesn’t ask for your password directly.
- Instead, it redirects you to a Microsoft login page in a web browser or a pop-up that functions like a browser.
- You enter your username and password there, and then, if MFA is enabled, you complete your second verification step (e.g., a push notification to your Microsoft Authenticator app, a code via SMS).
- Once successfully authenticated, Microsoft issues a token to the application. This token grants the app temporary, limited access to your resources without ever giving it your actual password.
- The beauty of modern authentication is that your password is never stored by the application, and the access tokens can be revoked or expire, making it much more secure. It also allows for more granular control over permissions.
The Role of App Passwords
As we’ve discussed, app passwords are a workaround. They exist for legacy applications or devices that do not support modern authentication. These older applications expect a username and a single password. When MFA is enabled on your account, your regular password won’t work in these apps because they can’t handle the “second factor” step.
So, an app password steps in:
- It’s a single-use password that you generate from your Microsoft account settings.
- You input this app password instead of your regular password into the older application.
- Once entered, the application can authenticate with Microsoft 365 without triggering the MFA prompt because the app password effectively “bypasses” that interactive step for that specific app.
Key Differences and Why It Matters:
Feature | Modern Authentication (OAuth 2.0) | App Passwords |
---|---|---|
Authentication Method | Token-based; redirects to Microsoft login for verification. | Password-based; a single, randomly generated password. |
MFA Integration | Fully supports and requires interactive MFA. | Bypasses interactive MFA for legacy apps. |
Security | Higher: passwords not stored, tokens are temporary/revocable. | Lower: a static password, though unique per app. |
Best Use Case | Modern applications (Outlook desktop 2013+, Outlook mobile, Teams). | Legacy apps and devices (printers, scanners, older mail clients). |
User Experience | Seamless, interactive prompts. | One-time entry, then no further prompts for that app. |
The Big Picture: Microsoft’s Push Away from Basic Authentication
It’s important to know that Microsoft has been actively deprecating and disabling basic authentication (the old-school username-and-password method) across its services, including Exchange Online. This move is all about boosting security, as basic authentication is a major target for cyberattacks like credential stuffing and phishing.
Because app passwords fundamentally rely on a form of basic authentication (albeit a more secure, isolated one for MFA-enabled accounts), their long-term future is somewhat in question. While they are still supported for now, especially for specific legacy scenarios, the general trend is to move everything to modern authentication.
What this means for you: Always prioritize using modern authentication whenever an application supports it. Only resort to an app password when you truly have no other option for a specific legacy app or device.
Best Practices for Using App Passwords Securely
App passwords are a handy tool, but like any powerful security feature, they need to be handled with care. To get the most out of them without compromising your overall security posture, here are some best practices you should follow:
- Generate One App Password Per Application or Device:
  - It might feel easier to use the same app password for your old iPhone mail app, your desktop Outlook 2010, and your office printer. But resist the urge!
  - Why? If you generate a unique app password for each, and one device is lost or compromised, you can revoke just that specific password without affecting access for your other applications. This minimizes the blast radius of a potential breach.
- Don’t Reuse App Passwords:
  - This goes hand-in-hand with the point above. Never use an app password as your regular Microsoft account password, or as an app password for another Microsoft account. They are meant to be unique to a single application and your specific account.
- Store Them Securely and Never Memorize Them:
  - App passwords are long, random strings of characters, making them difficult to guess—and impossible to memorize. You’re not supposed to remember them.
  - The safest place to store them is in a dedicated password manager. Password managers are built exactly for this purpose, providing encrypted storage for all your credentials. This way, you can easily copy and paste them when needed without writing them down or saving them in insecure documents.
  - Never jot them down on sticky notes, save them in plain text files on your computer, or email them to yourself (even if it’s “just for a moment”). These practices are huge security risks.
- Revoke When No Longer Needed or If Compromised:
  - Made a mistake and used one app password for multiple devices? No problem, just revoke it and create new, unique ones.
  - Sold an old phone? Got rid of a legacy printer? Immediately go into your Microsoft account security settings and revoke the app passwords associated with those devices.
  - If you ever suspect an app password might have been exposed or used by someone unauthorized, revoke it right away and create a fresh one if the application still needs it.
- Prioritize Modern Authentication:
  - Remember, app passwords are a bridge for legacy systems. Whenever possible, use applications that support modern authentication (OAuth 2.0). These applications offer a more secure and seamless experience, integrating directly with your MFA. If your current app is old, check if there’s an updated version that supports modern authentication before resorting to an app password.
By following these practices, you can leverage the convenience of app passwords for your older applications while still maintaining a robust and secure environment for your Microsoft 365 account.
Frequently Asked Questions
Do I need an app password if I use the latest Outlook desktop client (e.g., Outlook 2016, 2019, or Microsoft 365 Apps)?
Generally, no. Modern versions of Outlook (2013 and later, including Outlook as part of Microsoft 365 Apps) fully support modern authentication (OAuth 2.0). This means they can handle the interactive multi-factor authentication prompts directly, so you can just use your regular password and complete the MFA verification. You only need an app password for older Outlook versions (like 2010 or earlier) or if you’re experiencing specific, unusual compatibility issues.
Can I use the same app password for multiple devices or applications?
While you can technically use the same app password for multiple applications or devices, it’s generally not recommended for security reasons. The best practice is to generate a unique app password for each application or device that requires one. This way, if one device is lost or compromised, you can revoke just that specific app password without affecting the access of your other applications. It makes managing your security much more granular and effective.
What happens if I forget my app password?
You cannot “recover” an app password once it’s created and copied. They are designed to be known only at the moment of creation. If you forget or lose an app password, don’t worry! You simply need to go back to your Microsoft account security settings (as outlined in the “How to Create an App Password” section), revoke the old one (if you remember which it was, or simply revoke all), and generate a brand new app password for the application or device that needs it.
Is an app password less secure than my regular password?
In a way, yes, but it’s a necessary compromise for compatibility. An app password itself is a strong, randomly generated string, making it hard to guess. However, it essentially bypasses the interactive second factor of MFA for that specific application. This means that if someone gains access to that particular app password, they could access your account through the associated application without needing your second MFA factor. Your regular password, when combined with MFA, provides a higher overall layer of security because it always requires that second verification step. That’s why app passwords should only be used when modern authentication isn’t supported.
My app password isn’t working, what should I do?
If your app password isn’t working, here are a few things to check:
- Did you copy it correctly? Ensure there are no extra spaces or incorrect characters. It’s best to copy-paste directly.
- Is MFA enabled on your account? App passwords only work if MFA is active.
- Has your administrator allowed app password creation? In some organizational settings, this feature might be controlled by an admin.
- Is the application actually old/legacy? If the app supports modern authentication (like current Outlook versions), it won’t use an app password and will expect your regular password with an MFA prompt.
- Did you just create it? Sometimes it takes 20-30 minutes for a new app password to fully register.
- Are you using the correct SMTP/IMAP/POP settings? Double-check server addresses, ports, and encryption types if configuring for a device like a printer.
If you’ve checked all these and are still stuck, it’s a good idea to contact your IT support or Microsoft Support.
Can my admin create an app password for me?
No, an administrator cannot directly create an app password for your individual user account and then hand it to you. App passwords are generated by the user from their own security settings page. However, your administrator plays a crucial role in enabling the ability for users to create app passwords if it’s disabled at an organizational level. If you’re unable to generate one, your admin can verify that your account has MFA enabled and that the organizational policy allows app password creation.