How to create and use app passwords for your Microsoft account

Because not all Microsoft services support security codes for two-step verification.

Matt Elliott Senior Editor
Matt Elliott is a senior editor at CNET with a focus on laptops and streaming services. Matt has more than 20 years of experience testing and reviewing laptops. He has worked for CNET in New York and San Francisco and now lives in New Hampshire. When he's not writing about laptops, Matt likes to play and watch sports. He loves to play tennis and hates the number of streaming services he has to subscribe to in order to watch the various sports he wants to watch.
Expertise Laptops | Desktops | All-in-one PCs | Streaming devices | Streaming platforms
Matt Elliott
2 min read
Martin Bureau / AFP/Getty Images

If you've set up two-step verification to protect your Microsoft account, it won't be long before you attempt to sign in to a Microsoft app or your old Xbox 360 with your account name and password only to be greeted with a message telling you that your regular password is no good and you will need an app password instead. Don't let this minor inconvenience dissuade you from continuing to use two-step verification. Creating up an app password is painless and needs to be done only once per app or device. Here's what you need to know.

What is an app password?

Not all Microsoft apps and devices support two-step verification. With older apps and devices and third-party email clients, you can't use two-step verification to receive a security code via the Microsoft Authenticator app to log in. Here is Microsoft's list of its apps and services that will require an app password if you've enabled two-step verification:

  • Outlook desktop app for your PC or Mac
  • Email apps on an iOS, Android or BlackBerry device
  • Office 2010, Office for Mac 2011, or earlier
  • Windows Essentials (Photo Gallery, Movie Maker, Mail)
  • Zune desktop app
  • Xbox 360
  • Windows Phone 8 or earlier

So that your account isn't left unprotected (or, rather, under-protected with only your regular password) on such services and devices when you've gone through the trouble of enabling two-step verification, Microsoft will steer you toward creating an app password. An app password is randomly generated from Microsoft's account security settings page. It's a long, random string of letters, but you'll use it only once. You will, however, need to generate a separate app password for each Microsoft service or device that you use that doesn't support two-step verification codes.

How do I create an app password?

Go to Microsoft's Security basics page and sign in to your Microsoft account. You'll receive a code via your authenticator app to sign in. Next, click the more security options link below basic options and then under App passwords, click Create a new app password. A new app password will be created instantly to use on any Microsoft app or device that doesn't support two-factor verification security codes.

Screenshot by Matt Elliott/CNET

How to I use an app password?

Just enter the app password on your screen on the log-in screen where you would normally enter your regular account password. To save you the trouble of needing to create and key in a new app password each time you sign in, you can check the box for Remember my credentials or Remember me. (App passwords can be used only once and can't be retrieved after you create them, but then again creating a new one is just as fast as retrieving one would be.)