If Outlook keeps rejecting your IMAP credentials or throws a cryptic "Cannot connect to server" error every time you try to add or re-authenticate your email account, you are not alone. This is one of the most common support tickets we see, and the good news is that the fix is almost always straightforward once you know where to look. In this guide I will walk you through every possible cause, from a simple typo in your port number to app-specific passwords, modern authentication policies, and firewall blocks, and show you exactly how to resolve each one.

What Does "Outlook Won't Let Me Sign Into My IMAP Server" Actually Mean?

When Outlook fails to authenticate against an IMAP server, you will typically see one of these error messages:

  • "Your IMAP server wants to alert you to the following: Please log in via your web browser."
  • "Cannot connect to the server. Verify the server information is entered correctly in your account settings."
  • "The server responded: NO [AUTHENTICATIONFAILED] Authentication failed."
  • "Log onto incoming mail server (IMAP): Outlook cannot connect to your incoming (IMAP) email server."
  • "Need password" prompt that keeps reappearing even after you enter the correct password.

Each of these messages points to a slightly different root cause, but they all share the same theme: Outlook is trying to talk to your mail server's IMAP port, and either the credentials are wrong, the connection settings are misconfigured, or the server itself is refusing the authentication method Outlook is using.

Understanding the distinction matters because it determines which fix you apply first. A "log in via your web browser" message, for example, almost always means your mail provider has enabled OAuth 2.0 or two-factor authentication and Outlook is trying to use a plain password instead. An "authentication failed" message, on the other hand, might simply mean you have a typo in your password or username.

Why Does This Happen? The Root Causes Explained

1. Your Mail Provider Disabled Basic Authentication

This is the single biggest reason people hit IMAP sign-in walls in 2024 and beyond. Starting around 2022, providers like Google (Gmail), Microsoft (Outlook.com/Hotmail), and Yahoo began aggressively retiring "Basic Auth", the old username-and-password method, in favor of OAuth 2.0, which requires an app-specific password or a special token-based sign-in flow. If you have been using the same Outlook account configuration for years and it suddenly stopped working, this is almost certainly why.

2. Incorrect Server Hostname or Port Number

IMAP servers listen on specific ports. The standard encrypted port is 993 (SSL/TLS). Port 143 is the unencrypted fallback. If your Outlook profile has the wrong port, say, 465 (which is for SMTP, not IMAP) or 587, the connection will fail before authentication even starts. A mistyped server hostname like iamp.gmail.com instead of imap.gmail.com will produce the same result.

3. Wrong Encryption Setting

Even with the right hostname and port, if the encryption method does not match what the server expects, the handshake will fail. Most modern servers require SSL/TLS on port 993. If your Outlook settings say "None" or "STARTTLS" but the server expects pure SSL/TLS, the connection drops before your credentials even get sent.

4. Two-Factor Authentication Is Enabled

If you turned on 2FA for your email account and you are trying to use your regular account password in Outlook, it will not work. Services that support 2FA require you to generate a special "app password", a one-time, 16-character password you create in your account security settings, specifically for apps that do not support the interactive 2FA flow.

5. IMAP Access Is Disabled in Your Webmail Settings

Some providers disable IMAP access by default and require you to explicitly enable it in your account settings. Gmail is a classic example of this. If you never toggled on IMAP in Gmail's settings, Outlook has nowhere to connect to.

6. Antivirus or Firewall Is Intercepting the Connection

Security software that performs SSL inspection, where it decrypts and re-encrypts your traffic to scan it, can corrupt the SSL certificate chain that Outlook expects. When the certificate the firewall presents does not match what the mail server signed, Outlook refuses the connection. Corporate networks with aggressive proxy settings are especially prone to this.

7. Outlook's Credential Cache Is Corrupted

Windows stores your email credentials in the Windows Credential Manager. If an old, wrong password is cached there, Outlook will keep silently using it even after you update your password in the account settings. The result is an endless "enter password" loop.

8. Outdated Outlook Version

Older versions of Outlook, particularly Outlook 2010 and Outlook 2013, do not support OAuth 2.0 at all. If your provider has fully retired Basic Auth, those versions of Outlook simply cannot connect regardless of what settings you use.

Step-by-Step Fix: Start Here

1
Verify Your IMAP Server Settings Are Correct

Before anything else, confirm you have the right server details. Here are the correct settings for the most common providers:

Provider IMAP Server Port Encryption
Gmail imap.gmail.com 993 SSL/TLS
Outlook.com / Hotmail outlook.office365.com 993 SSL/TLS
Yahoo Mail imap.mail.yahoo.com 993 SSL/TLS
Apple iCloud imap.mail.me.com 993 SSL/TLS
Zoho Mail imap.zoho.com 993 SSL/TLS

In Outlook, go to File > Account Settings > Account Settings, double-click your email account, then click More Settings > Advanced. Confirm the incoming server port is 993 and the encryption method is SSL/TLS. Save and test.

Tip: If your mail server is provided by your web hosting company (cPanel, Plesk, etc.), log into your hosting control panel and look for the "Mail" or "Email Accounts" section. There will be a "Configure Mail Client" or "Set Up Mail Client" button that shows you the exact server name, port, and SSL settings for your specific account.
2
Enable IMAP in Your Email Provider's Web Settings

This step is critical for Gmail and some other providers. IMAP is not always on by default.

For Gmail:

  1. Go to mail.google.com in a browser and sign in.
  2. Click the gear icon in the top-right corner and select See all settings.
  3. Click the Forwarding and POP/IMAP tab.
  4. Under the "IMAP access" section, select Enable IMAP.
  5. Click Save Changes.

For Yahoo Mail:

  1. Sign into Yahoo Mail in a browser.
  2. Click the gear icon and go to More Settings.
  3. Click Mailboxes in the left panel.
  4. Select your Yahoo Mail address and make sure IMAP is listed and active.
3
Generate an App-Specific Password (Critical for 2FA Users)

If you have two-factor authentication or two-step verification enabled on your account, you must use an app password. Your regular account password will always fail, no matter how many times you enter it correctly.

For Gmail:

  1. Go to your Google Account at myaccount.google.com.
  2. Click Security in the left sidebar.
  3. Under "How you sign in to Google," click 2-Step Verification.
  4. Scroll to the bottom and click App passwords.
  5. Select Mail as the app and Windows Computer as the device.
  6. Click Generate. Google will show you a 16-character password.
  7. Copy this password and use it in Outlook instead of your regular Gmail password.

For Microsoft/Outlook.com accounts:

  1. Go to account.microsoft.com and sign in.
  2. Click Security > Advanced security options.
  3. Under "App passwords," click Create a new app password.
  4. Copy the generated password and use it in Outlook's account settings.
Warning: The app password is shown only once. Copy it to a safe place before closing the window. If you lose it, you will need to revoke it and generate a new one. Do not store app passwords in plain text documents on your desktop.
4
Clear the Cached Credentials in Windows Credential Manager

Outlook caches your email credentials in the Windows Credential Manager. If you recently changed your password or generated an app password, the old credentials may still be cached and overriding whatever you type in the Outlook prompt.

  1. Press Windows + S and search for Credential Manager. Open it.
  2. Click Windows Credentials.
  3. Scroll through the list and look for any entries that contain your email address or your mail provider's name (e.g., "MicrosoftOffice16_Data:SSPI:your@email.com" or entries containing "imap.gmail.com").
  4. Click on each relevant entry to expand it, then click Remove.
  5. Confirm the removal when prompted.
  6. Restart Outlook. It will now prompt you for fresh credentials, enter your new password or app password here.
5
Remove and Re-add the Email Account in Outlook

If clearing credentials did not help, remove the account entirely and add it back from scratch. This forces Outlook to rebuild its configuration profile for that account.

  1. In Outlook, click File > Account Settings > Account Settings.
  2. Select the problematic email account and click Remove.
  3. Confirm the removal. (Your emails are stored on the server and will sync back, you are not deleting them.)
  4. Click New to add the account again.
  5. When Outlook's auto-discover tries to configure the account automatically, click Advanced options and check Let me set up my account manually.
  6. Select IMAP from the account type list.
  7. Enter your server settings precisely as shown in Step 1 above.
  8. In the password field, enter your app password (if 2FA is enabled) or your regular password.
  9. Click Connect.
Tip: When manually setting up the account, pay close attention to the username field. Some IMAP servers expect just the local part of your email (e.g., "john.smith") while others expect the full email address (e.g., "john.smith@yourdomain.com"). If one format fails, try the other.

Advanced Troubleshooting

Test the IMAP Connection with a Raw Telnet or OpenSSL Command

If you are not sure whether the problem is in Outlook's configuration or in the network itself, you can bypass Outlook entirely and test the IMAP connection directly from the command line. This tells you definitively whether port 993 is reachable.

Open a Command Prompt or PowerShell window and type:

openssl s_client -connect imap.gmail.com:993

If OpenSSL is not available on your machine (it is not installed by default on Windows), you can also use PowerShell:

Test-NetConnection -ComputerName imap.gmail.com -Port 993

If TcpTestSucceeded : True appears in the output, your network can reach the IMAP server and the problem is in Outlook's configuration or credentials. If it shows False, something on your network (firewall, ISP block, VPN) is preventing the connection.

Disable SSL Inspection in Your Antivirus or Security Software

Security software like Avast, ESET, Kaspersky, Bitdefender, and others perform "HTTPS/SSL scanning" by default. This intercepts your encrypted connections and re-signs them with the antivirus's own certificate. Outlook checks the server's certificate against a list of trusted certificate authorities. When the antivirus-signed certificate appears instead, Outlook may reject it.

To test this theory, temporarily disable your antivirus's email scanning or SSL inspection feature and try connecting Outlook again. The exact location of this setting varies by software:

  • Avast: Menu > Settings > Protection > Core Shields > Web Shield > uncheck "Enable HTTPS scanning"
  • ESET: Setup > Advanced Setup > Web and Email > SSL/TLS > toggle off
  • Kaspersky: Settings > Additional > Network > uncheck "Inject script into web traffic to interact with web pages"

If Outlook connects after disabling SSL inspection, you will need to either add a permanent exception for your mail server in your security software, or consult your antivirus vendor's documentation for adding trusted servers.

Check for a Conflicting VPN or Proxy

VPNs route your traffic through a different IP address and sometimes a different network path entirely. If your mail provider uses IP-based reputation filtering or rate limiting, your VPN's exit node IP might be on a block list. Try disconnecting from your VPN and testing Outlook again. If it works without the VPN, you have two options: use split tunneling to exclude email traffic from the VPN, or contact your VPN provider about obtaining a clean IP.

Similarly, if your organization routes internet traffic through a web proxy, the proxy may block outbound connections on port 993. Contact your IT department to confirm that port 993 is open for outbound connections.

Repair Your Outlook Profile

A corrupted Outlook profile can cause all sorts of authentication problems. You can create a new profile without losing your data:

  1. Close Outlook completely.
  2. Press Windows + R, type control mlcfg32.cpl, and press Enter. This opens the Mail setup panel.
  3. Click Show Profiles.
  4. Click Add to create a new profile. Give it a name like "New Profile."
  5. Add your email account to this new profile using the manual IMAP settings.
  6. Set it as the default profile and open Outlook.

If the new profile works, your old profile was corrupted. You can safely delete it from the Mail setup panel once you are satisfied that the new profile is working correctly.

Update Outlook to the Latest Version

Older versions of Outlook, especially Outlook 2010 and 2013, have incomplete OAuth 2.0 support. If your mail provider has fully retired Basic Auth, these versions will never successfully authenticate no matter what settings you use. To update:

  • Microsoft 365 / Office 365: Open Outlook, go to File > Office Account > Update Options > Update Now.
  • Standalone Office 2019/2021: Make sure Windows Update is enabled and has delivered the latest Office updates.
  • Outlook 2016 and older: Seriously consider upgrading to Microsoft 365 or a newer standalone version.

Check for "Less Secure App Access" Settings (Gmail Legacy)

If you are using an older Outlook version that does not support OAuth and you have not yet enabled 2FA, Gmail used to offer a "Less secure app access" toggle. As of May 2022, Google has removed this option entirely for personal accounts. This means that if you are on Outlook 2010/2013 without OAuth support and are connecting to Gmail, you are stuck. Your only options are to use an app password (which requires 2FA to be enabled first) or upgrade your version of Outlook.

Examine Outlook's IMAP Error Logs

For deep diagnosis, you can enable verbose logging in Outlook to see exactly what is happening during the authentication handshake:

  1. Go to File > Options > Advanced.
  2. Scroll to the "Other" section and check Enable troubleshooting logging.
  3. Restart Outlook and attempt to connect.
  4. The log files are saved to %TEMP%\Outlook Logging\ on your machine. Open the most recent .log file in Notepad and search for "IMAP" or "error" to find relevant entries.

The log will contain the raw server responses, which often include specific error codes that point directly to the cause. For example, a response of NO [AUTHENTICATIONFAILED] means the credentials are wrong. A response of NO [UNAVAILABLE] means the server is temporarily blocking the connection, often due to too many failed login attempts.

Special Cases: Business and Corporate Email

Microsoft 365 Business Accounts

If your email is managed by your company through Microsoft 365 (formerly Office 365), your IT administrator may have disabled IMAP access at the organization level or enabled Conditional Access policies that prevent non-compliant apps from connecting. In this case, no amount of credential tweaking on your end will fix the problem, you need to contact your IT department and ask them to either enable IMAP for your mailbox or whitelist your device in the Conditional Access policy.

Your IT admin can check IMAP status in the Microsoft 365 admin center under Users > Active Users > [your account] > Mail tab > Manage email apps. Make sure "IMAP" is checked.

cPanel / Web Hosting Email

If your IMAP server is provided by a shared web hosting company, common issues include:

  • Using mail.yourdomain.com as the server name when your hosting provider requires you to use their server's hostname (e.g., server123.hostingprovider.com) until your DNS has fully propagated.
  • SSL certificate mismatch, your domain may not yet have an SSL certificate, requiring you to use port 143 with STARTTLS temporarily, or to accept a certificate warning.
  • Incorrect password, cPanel email account passwords are set separately from your cPanel login password. Log into cPanel, go to Email Accounts, and use the "Manage" option to reset the password for the specific mailbox.

How to Prevent This Problem in the Future

Keep Your App Passwords Organized

Create a dedicated section in your password manager for app passwords. Label each one clearly with the service it is for and the app it authorizes (e.g., "Gmail, Outlook on Dell laptop"). When you change your main Google or Microsoft password, remember to also revoke and regenerate all app passwords, as they become invalid when the parent password changes in some configurations.

Use Modern Authentication Wherever Possible

If you are using Outlook 2016 or later with a Microsoft 365 account, modern authentication (OAuth 2.0) is your best bet. It is more secure than app passwords and does not break when you change your regular password. Make sure you are using the correct server addresses (outlook.office365.com) so Outlook can trigger the OAuth flow rather than basic auth.

Keep Outlook and Windows Updated

Microsoft regularly patches authentication bugs and adds support for new provider requirements in Outlook updates. Running an up-to-date version minimizes the chance of a sudden connectivity failure when a provider changes their authentication requirements.

Document Your Server Settings

Write down (or save in your password manager) the exact IMAP server hostname, port, and encryption method that you are using. If you ever need to reinstall Outlook or set up a new machine, you will have the correct settings on hand without needing to research them again.

Monitor Your Provider's Announcements

Providers like Google and Microsoft announce authentication changes months in advance. Google's Workspace Admin newsletter and Microsoft's Message Center in the admin portal are the primary channels for these announcements. Even as a personal user, keeping an eye on your provider's blog or security announcements page will give you early warning before a change breaks your setup.

Frequently Asked Questions

Why does Outlook keep asking for my password even after I enter it correctly?
This almost always means the old, wrong password is cached in Windows Credential Manager. Outlook silently uses the cached credential instead of prompting you fresh. Go to Control Panel > Credential Manager > Windows Credentials, find and delete all entries related to your email account, then restart Outlook and enter your credentials again. If you have 2FA enabled, make sure you are entering an app-specific password, not your regular account password.
Should I use port 143 or 993 for IMAP in Outlook?
Always use port 993 with SSL/TLS encryption whenever your server supports it. Port 993 encrypts the entire connection from the start, protecting your credentials and email content. Port 143 with STARTTLS is an older method that starts the connection unencrypted and then upgrades it, it is less reliable and not recommended unless your server does not support port 993. Port 143 with no encryption should never be used on a public or untrusted network.
My Gmail IMAP worked for years and suddenly stopped. What changed?
Google retired Basic Authentication for personal Gmail accounts. If your Outlook version is old enough that it was using Basic Auth (plain username and password without OAuth), it will now fail. You need to either generate an App Password from your Google Account security settings (you must have 2-Step Verification enabled first) or upgrade to a newer version of Outlook that supports OAuth 2.0 and re-add the account so it triggers the OAuth sign-in flow.
Does changing my email password break Outlook's IMAP connection?
Yes, it does. When you change your email account password, any app using Basic Authentication to connect, including Outlook, will immediately lose access. You will need to update the password in Outlook's account settings and clear the old cached credential from Credential Manager. If you are using an app password for 2FA accounts, your regular password change does not invalidate the app password (on most providers), but it is good practice to regenerate app passwords after a security-related password change.
Can my internet service provider block IMAP connections?
It is rare but possible. Some ISPs, particularly in certain countries or on specific consumer-grade plans, block outbound connections on non-standard ports to reduce spam relay abuse. Port 993 is generally not blocked because it is encrypted, but port 143 may be. If you suspect your ISP is blocking the connection, run the PowerShell test (Test-NetConnection -ComputerName imap.yourprovider.com -Port 993) from your home network and then from a different network (like a mobile hotspot). If it works on the hotspot but not your home network, your ISP may be the issue. Contact them to request that port 993 be unblocked.
What is the difference between IMAP and POP3, and does it affect the sign-in problem?
IMAP (Internet Message Access Protocol) keeps your emails on the server and syncs them across all your devices. POP3 (Post Office Protocol 3) downloads emails to your device and typically deletes them from the server. From a sign-in troubleshooting perspective, they share many of the same potential failure points, wrong server name, wrong port, bad credentials, SSL issues, but the ports and server addresses differ. POP3 uses port 995 with SSL/TLS (or port 110 without). If your IMAP connection keeps failing and you do not need multi-device sync, you could temporarily switch to POP3 to see if the problem is IMAP-specific, but the more common and recommended solution is to fix the IMAP configuration properly.
I set up the account correctly but Outlook says the certificate is not trusted. How do I fix that?
A certificate trust error usually means one of three things: (1) your antivirus is performing SSL inspection and presenting its own certificate, disable SSL scanning in your antivirus settings; (2) the mail server's SSL certificate has expired or is self-signed, which is common with private web hosting mail servers, contact your mail administrator; or (3) your system's date and time are wrong, which causes all SSL certificates to appear invalid, check that your computer's clock is correct and set to sync automatically with an internet time server via Settings > Time & Language > Date & Time.
My company uses Microsoft 365 but my IT department says IMAP is not supported. Can I force it to work?
No, and you should not try to bypass your organization's policies. IMAP access in Microsoft 365 is controlled at the tenant and per-mailbox level by your IT administrators. If they have disabled it, there is likely a security or compliance reason. The correct path is to ask your IT department why it is disabled and whether there is an approved alternative (such as using the official Outlook client with modern authentication, or using Outlook for the web). Attempting to work around corporate authentication policies can violate your company's acceptable use policy.

Quick Diagnostic Checklist

Before you spend an hour digging through settings, run through this checklist in order. Most cases are resolved by item 4 or 5:

  1. Is IMAP enabled in your webmail settings? (Gmail, Yahoo, log in and check.)
  2. Are the server name and port correct? (993, SSL/TLS, confirm against the table above.)
  3. Do you have 2FA enabled? (If yes, you need an app password.)
  4. Have you cleared the Windows Credential Manager? (Remove all cached entries for your email.)
  5. Is Outlook up to date? (File > Office Account > Update Options.)
  6. Is antivirus SSL inspection turned off temporarily for testing?
  7. Does it work on a different network? (Test with your mobile phone's hotspot to rule out firewall/ISP issues.)
  8. Does a new Outlook profile fix it? (Windows + R > control mlcfg32.cpl)

Work through these in sequence and you will identify the root cause efficiently without going in circles. The vast majority of IMAP sign-in failures in Outlook come down to three things: wrong server settings, missing app passwords, or stale cached credentials. Solve those three and you solve 90% of cases.