Blog

Outlook App Passwords Are Gone for Personal Accounts: What to Do Instead

Microsoft now requires Modern Authentication for Outlook.com, Hotmail.com, Live.com, and MSN.com personal email in non-Microsoft mail apps. Here is what changed, who it affects, and what still works.

Published

March 25, 2026

If an email guide still tells you to create an Outlook app password for a personal Microsoft email account, that guide is out of date.

Microsoft has already moved personal Outlook users away from Basic Authentication in third-party email apps. In practice, that means password-based IMAP, POP, and SMTP sign-in is no longer the safe assumption for Outlook.com, Hotmail.com, Live.com, and MSN.com personal mailboxes.

What changed?

Microsoft announced that personal Outlook email users would need Modern Authentication in non-Microsoft email apps. The cutoff took effect on September 16, 2024 for personal Outlook email access in third-party clients.

The important practical change is simple:

  • Basic Authentication is no longer the supported path for personal Outlook accounts in non-Microsoft mail apps
  • Old setup guides that rely on account passwords or app passwords for Outlook personal mailboxes can now fail even when the server names are correct
  • OAuth-based Microsoft sign-in is the path that users should expect instead

Which accounts are affected?

This change is most important for Microsoft's personal email brands:

  • outlook.com
  • hotmail.com
  • live.com
  • msn.com
If you use one of those addresses in a third-party email app, you should assume Modern Authentication is required.

Are app passwords still available anywhere?

For personal Outlook accounts, the answer is effectively no for this use case.

Microsoft's own support guidance for personal Outlook users points people to Modern Authentication, not app passwords. Community answers on Microsoft Learn also make the distinction that some Microsoft 365 business or school environments may still expose app-password-related settings under admin control, but that is not the same thing as saying personal Outlook accounts still support password-based IMAP sign-in in third-party apps.

So the safe rule is:

  • Personal Outlook account: use OAuth / Modern Authentication
  • Microsoft 365 work or school account: check tenant policy, because admins may control what is allowed
Even in Microsoft 365 environments, Microsoft is still pushing customers toward Modern Authentication and away from legacy password-based flows.

What still works?

For personal Microsoft email accounts, what still works is:

  • Microsoft OAuth sign-in in third-party email apps that support it
  • Microsoft Outlook and other Microsoft apps using Microsoft's supported auth flow
  • Third-party clients that have implemented Modern Authentication correctly
What you should not rely on:
  • Manual IMAP password setup for personal Outlook accounts
  • Old "generate an app password" instructions written before the 2024 change
  • Troubleshooting steps that assume any login failure is just the wrong password
Sometimes the password is fine. The auth method is the real problem.

What this means for Patriot Mail users

For personal Outlook accounts, the correct direction is to use the Outlook sign-in button and continue through Microsoft OAuth.

If a user tries to connect a personal Outlook mailbox through manual password entry:

  • the IMAP and SMTP hostnames may still look valid
  • the connection can still fail because Microsoft blocks the legacy auth method
  • switching to OAuth is usually the actual fix
That is why Patriot Mail should guide Outlook personal-account users toward OAuth first, not toward app-password instructions.

Why this matters beyond Outlook

This is part of a larger pattern across email providers:

  • major providers are tightening authentication rules
  • legacy username/password mail access is getting less reliable
  • OAuth is becoming the expected path for mainstream consumer accounts
For users, that usually means one thing: older setup guides age badly. A hostname can stay the same for years while the authentication policy changes underneath it.

The practical takeaway

If you are connecting a personal Microsoft mailbox in 2026:

1. Do not look for an Outlook app password first. 2. Start with Microsoft OAuth / Modern Authentication. 3. Treat old Basic Auth setup guides as historical unless they explicitly mention the September 16, 2024 change. 4. If the account is a Microsoft 365 work or school account, verify the tenant's current authentication policy with the admin.

For personal Outlook accounts, "use OAuth" is no longer just a best practice. It is the expected setup path.

Sources

---

Questions? Contact us at hello@patriotmail.ai.

Are you sure?