Manage app passwords for two-step verification
Important: Your administrator might not allow you to use app passwords. If you don't see App passwords as an option, they're not available in your organization.
When using app passwords, it's important to remember:
-
App passwords are autogenerated, and should be created and entered once per app.
-
There's a limit of 40 passwords per user. If you try to create one after that limit, you'll be prompted to delete an existing password before being allowed to create the new one.
Office 2013 clients (including Outlook) support new authentication protocols and can be used with two-step verification. This support means that after two-step verification is turned on, you'll no longer need app passwords for Office 2013 clients. For more info, see the How modern authentication works for Office 2013 and Office 2016 client apps article.
Create new app passwords
During your initial two-factor verification registration process, you're provided with a single app password. If you require more than one, you'll have to create them yourself. You can create app passwords from multiple areas, depending on how two-factor verification is set up in your organization. For more information about registering to use two-factor verification with your work or school account, see Overview for two-factor verification and your work or school account and its related articles.
Where to create and delete your app passwords
-
You can create and delete app passwords, based on how you use two-factor verification:
-
Your organization uses two-factor verification and the Additional security verification page. If you're using your work or school account (such as, alain@contoso.com) with two-factor verification in your organization, you can manage your app passwords from the Additional security verification page. For detailed instructions, see "Create and delete app passwords using the Additional security verification page" in this article.
-
Your organization uses two-factor verification and the Office 365 portal. If you're using your work or school account (such as, alain@contoso.com), two-factor verification, and Microsoft 365 apps in your organization, you can manage your app passwords from the Office 365 portal page. For detailed instructions, see "Create and delete app passwords using the Office 365 portal" in this article.
-
You're using two-factor verification with a personal Microsoft account. If you're using a personal Microsoft account (such as, alain@outlook.com) with two-factor verification, you can manage your app passwords from the Security basics page. For detailed instructions, see "Using app passwords with apps that don't support two-step verification" in this article.
Create and delete app passwords
You can create and delete app passwords from the Additional security verification page for your work or school account.
-
Sign in to the Additional security verification page, and then select App passwords.
-
Select Create, type the name of the app that requires the app password, and then select Next.
-
Copy the password from the Your app password page, and then select Close.
-
On the App passwords page, make sure your app is listed.
-
Open the app you created the app password for (for example, Outlook 2010), and then paste the app password when asked for it. You should only have to do this once per app.
To delete an app password using the App passwords page
-
On the App passwords page, select Delete next to the app password you want to delete.
-
Select Yes to confirm you want to delete the password, and then select Close. The app password is successfully deleted.
Create and delete app passwords using the Office 365 portal
If you use two-step verification with your work or school account and your Microsoft 365 apps, you can create and delete your app passwords using the Office 365 portal.
To create app passwords using the Office 365 portal
-
Sign in to your work or school account, go to the My Account page, and select Security info.
-
Select Add method, choose App password from the list, and then select Add.
-
Enter a name for the app password, and then select Next.
-
Copy the password from the App password page, and then select Done.
-
On the Security info page, make sure your app password is listed.
-
Open the app you created the app password for (for example, Outlook 2016), and then paste the app password when asked for it. You should only have to do this once per app.
To delete app passwords using the Security info page
-
On the Security info page, select Delete next to the app password you want to delete.
-
Select Ok in the confirmation box. The app password is successfully deleted.
If your app passwords aren't working properly
Make sure you typed your password correctly. If you're sure you entered your password correctly, you can try to sign in again and create a new app password. If neither of those options fix your problem, contact your organization's Help desk so they can delete your existing app passwords, letting you create brand-new ones.
Next steps
-
Try out the Microsoft Authenticator app to verify your sign-ins with app notifications, instead of receiving texts or calls.