I thought I wrote about this a few weeks ago, right after Microsoft introduced two-step authentication at Outlook.com but I can't find it, so if it's a duplicate, sorry. :)
Two-factor (or two-step) authentication is used by many sites and services to protect your accounts from hackers. Facebook, Gmail, GoDaddy, Twitter, and Outlook.com are among the growing number of sites that use two factor authentication.
How it works: when you log into your account from a device, you need to use a special code or password to access a site. This code is sent by text message (or email) and is only valid for a short period, usually 20 minutes. If you're fooled by a phisher and use two factor auth, the bad guys can't get into your account without this code, unless they also have your phone.
When you log into an account online, you're presented with a screen that asks you to enter the code you received by text message. Email clients can't display the second authorization screen so you need to use a special "app password" instead of your normal password, which you created when you set up two-factor auth. One password can be used with multiple devices, so copy the password and keep it in a safe place. You can use one app password on all devices or create one for each device. If you need to revoke app passwords at Outlook.com, all passwords are revoked.
This works great, as long as you remember that you need to use the app password when setting up email accounts. Based on the number of "my password doesn't work" and "Outlook won't log in" questions I see, a lot of users forgot they need to use the app password.
Enable Two-Factor Authentication
To enable two-factor authentication in Outlook.com, log into your account, click on your name and choose Account Settings, then Security info. Click the link for Set up two-step verification then Next to enable it.
Click on the link to Create a new app password. You'll use this password in Outlook instead of your real password. (This app password is no longer valid for my account.)
The process is similar for Gmail, however, you can label your app passwords and revoke individual passwords, which is helpful if one device is compromised.
Create an App Password in Gmail
It's easier to show how to navigate to the Google App password screen than it is to explain the way there, but if you prefer written steps with screenshots, see Gmail in Outlook: unable to connect to email
Published May 30, 2013. Last updated on March 8, 2017.