How to Enable 2-Factor Authentication for Outlook Web App

Two-factor authentication is a type of multi-factor authentication (requires 1 or more authentication methods) that increases the security of a user’s account by using two methods to verify the user’s identity. 2FA usually refers to the second layer of security on top of a username and password.


Two-factor authentication involves verifying your identity using two different methods, which provides significant extra security for your user accounts. Many applications use two-factor authentication to protect user accounts from hackers. Facebook, Gmail, and Outlook are a few examples. Outlook 2FA is an effective authentication method when trying to protect your user accounts.

Why Do We Need 2FA?

An organization needs 2FA because it is a more effective way of controlling access to a user account than a username and password. Even if a hacker were to gain access to your username and password, they would still need to have access to the 2FA method you have in place.

Without 2FA, your username and password are your only defense against hackers. If this is the case, then you’re at even more risk of having your private information stolen. Simple passwords are no match for cyber attackers using password-stealing techniques such as brute-force attacks. When data breaches occur in organizations, passwords are often leaked to these cybercriminals and onto the dark web.

How Does 2FA Work?

Two-factor authentication draws on three kinds of factors, and you choose among them when deciding what sort of method you want your organization to use. 2FA can be any combination of these three factors: something you know, something you have, and something you are, like fingerprint or facial recognition. Two-factor requires only 2 of these factors whereas MFA requires all three.

Here are some examples of the three main 2FA factors:

  • Knowledge factor: Something you know. This can’t be physically lost or found but it can be copied. Think of a password or a PIN code.
  • Possession factor: Something you have. This can’t be easily copied but can be stolen. Think of a personal phone device, bank card, or physical key.
  • Inherence factor: Something you are. This can’t be easily faked as it is unique to you. Think of facial or fingerprint recognition.

For a login process to qualify as two-factor authentication, two different access methods must be used. A username and password are not considered 2FA because both are knowledge factors.

An extra security question still wouldn’t be considered 2FA because it is also a knowledge factor. You would need to add either a possession or inherence factor to your knowledge factor to be considered 2FA protected.

How To Enable Outlook Web App 2FA

When you log into your account from a device, you need to use a special code or password to access your account. The special code is usually sent by text or email (depending on what you chose as your verification method) and is only valid for a short period, anywhere from 10-20 minutes. This keeps hackers from having a large window of opportunity should you be under attack at that point in time.


To enable your two-factor authentication, you need to go to your settings, click on security and toggle your 2FA to on.

It’s a simple process, but when you log in to your account, you’re presented with a screen that asks you to enter the code you received by SMS. If you decide to use email, then instead of your regular password you need to use a special ‘app password’, which you would have set up when you enabled your two-factor authentication. This app password can be used with multiple devices and should be stored in a private database.

When setting up email accounts, you have to remember to use the app password rather than your own to have a successful launch.

Two-factor authentication is crucial to the security of your organization. You need to make sure that you are using at least two or more authentication methods. When you successfully enable your 2FA, you can ensure your account is properly protected against cyber criminals and their attacks.

Stefan Richard is one of the folks who can't have a life without technology, especially Microsoft products. He has 12+ years of experience in information technology. He has worked as an IT trainer, network/system administrator and IT infrastructure manager. Stefan is the co-founder of HecticGeek.
