Using Two-factor authentication in Outlook

I thought I wrote about this a few weeks ago, right after Microsoft introduced two-step authentication at Outlook.com but I can't find it, so if it's a duplicate, sorry. :)

Two-factor (or two-step) authentication is used by many sites and services to protect your accounts from hackers. Facebook, Gmail, GoDaddy, Twitter, and Outlook.com are among the growing number of sites that use two-factor authentication.

How it works: when you log into your account from a device, you need to enter a special code or password to access the site. The code is sent by text message (or email) and is valid only for a short period, usually 20 minutes. If you're fooled by a phisher but use two-factor auth, the bad guys can't get into your account without this code, unless they also have your phone.

When you log into an account online, you're presented with a screen that asks you to enter the code you received by text message. Email clients can't display this second authorization screen, so in an email client you use a special "app password", which you created when you set up two-factor auth, instead of your normal password. You can use one app password on all of your devices or create one for each device; either way, copy the password and keep it in a safe place. If you need to revoke app passwords at Outlook.com, all of them are revoked at once.

This works great, as long as you remember that you need to use the app password when setting up email accounts. Based on the number of "my password doesn't work" and "Outlook won't log in" questions I see, a lot of users forgot they need to use the app password.

Enable Two-Factor Authentication

To enable two-factor authentication in Outlook.com, log into your account, click on your name and choose Account Settings, then Security info. Click the link for Set up two-step verification then Next to enable it.

Enable Outlook.com's two-step auth

A new entry is added to the Security info list called App passwords.

App password link

Click on the link to Create a new app password. You'll use this password in Outlook instead of your real password. (This app password is no longer valid for my account.)

App passwords

The process is similar for Gmail; however, there you can label your app passwords and revoke individual passwords, which is helpful if one device is compromised.
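
The sign-in rules described above, as a simplified model added here (it is not from the original post and is not Microsoft's or Google's implementation): once two-step verification is on, a mail client that sends the normal password is refused and only an app password works, and revocation can be all at once, as at Outlook.com, or per label, as at Gmail. The class and method names, the six-digit code and the app-password format are assumptions.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 20 * 60                # seconds; the post's "usually 20 minutes"
SALT = secrets.token_bytes(16)    # demo only: real services salt each credential

def _h(secret):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 100_000)

class Account:                    # hypothetical model, not a real service's design
    def __init__(self, password):
        self.pw, self.two_step = _h(password), False
        self.app_pws = {}         # label -> hash of a generated app password
        self.pending = None       # (hash of one-time code, expiry timestamp)

    def send_code(self, now=None):  # the code that arrives by text or email
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"   # six digits is an assumption
        self.pending = (_h(code), now + CODE_TTL)
        return code

    def create_app_password(self, label):
        app_pw = secrets.token_hex(8)              # format is an assumption
        self.app_pws[label] = _h(app_pw)
        return app_pw

    def revoke(self, label=None):
        """No label: revoke every app password. With a label: only that one."""
        for name in (list(self.app_pws) if label is None else [label]):
            self.app_pws.pop(name, None)

    def web_login(self, password, code=None, now=None):
        """Browser sign-in: the site can show a second screen asking for the code."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(_h(password), self.pw):
            return False
        if not self.two_step:
            return True
        if code is None or self.pending is None:
            return False               # a phished password alone stops here
        code_hash, expiry = self.pending
        if now > expiry or not hmac.compare_digest(_h(code), code_hash):
            return False
        self.pending = None            # each code works once
        return True

    def mail_client_login(self, secret):
        """IMAP/POP-style sign-in: one secret, no way to prompt for a code."""
        given, valid = _h(secret), (self.app_pws.values() if self.two_step else [self.pw])
        return any(hmac.compare_digest(given, h) for h in valid)
```
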

Create an App Password in Gmail

It's easier to show how to navigate to the Google App password screen than it is to explain the way there.

Published May 30, 2013. Last reviewed on April 10, 2014.

  • Una Paxton

    How do I cancel 2 step verification? I cannot log into my account. My email is alias@live.co.za.

  • Diane Poremsky

    You need to log into your account online at outlook.com (or live.co.za if that is where you log on) and remove it from there - go to the Gear icon, More mail settings, Security info.

  • Bill Marshall

    This is essential if you are trying to IMAP your Gmail to another computer. I wasted a day trying to set up IMAP before discovering this.