Enabling two factor authentication in Outlook 2013 with Office365

This post will go over what you need to do to enable two factor authentication in Office 2013 with a backend Office365 mail server (so you don't need to use app passwords).  This process sets up the 'modern authentication' login window for Office 2013 programs.

Step one - from a Powershell command prompt run this command (info from here):
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Step two - Add group policy to push modern authentication registry entries to Office 2013 computers

https://support.office.com/en-us/article/Enable-Modern-Authentication-for-Office-2013-on-Windows-devices-7dc1c01a-090f-4971-9677-f1b192d6c910?ui=en-US&rs=en-US&ad=US&fromAR=1

After step two is complete, I'd recommend waiting a couple days for all the users to get these settings added to their registry via group policy..  

Step three - enable 2FA from the Office Portal:

Setting Up Two Factor Authentication in Office365

This post will go over the steps a person will need to take in setting up two factor authentication for Office365.  As of 2016, two factor authentication is the the most common option for secure access to cloud based systems.

Step 1: Ask your administrator to enable two factor authentication (can only be enabled by an administrator)

Step 2: Go to https://account.activedirectory.windowsazure.com/profile/

Step 3: Log in with your email address

Step 4: Click Set up now

Step 5: Set up the second authentication method.  For 99% of people, this will be a text message to your cell phone

Step 6: Click Contact me.  You'll a code sent to your cell phone.  Enter that code on the next page to verify successful receipt of the code.  Click Verify after entering the code.

Step 7: Click Done (you can ignore the other text in the window)

Step 8: Click Additional Security Verification

Step 9: Confirm that the settings look right (they should look right if you've gotten this far)

Step 10: Click on "app passwords"

Step 11: Click Create

Click 12: Give the name to the app password you're creating.  With near certainty, the first one you'll want to create will be for Outlook.  You'll be creating an app password for *each* non-web based program/device you use.  You cannot reuse app passwords.  Let's say you've got a tablet, a phone, two different Outlook installations (on two different computers), and a Skype for Business installation.  That's five different programs and you'll need five separate app passwords.  I recommend naming each app password for the program you'll be using.  For example, you might call them Outlook laptop, Outlook desktop, iphone 7, Galaxy S7, iPad, Skype for Business, or something similar.

Step 13: Use the app password the system gives you and track it.  Within the next two hours, your devices (Outlook or phone or tablet etc) will prompt you for a password for your email account.  Instead of using your regular password, you'll use the app password.  You *cannot* reuse app passwords, so you should be sure to 1) make as many passwords as you need and 2) track them until you first use them (the app passwords are useless after you first use them).

link for getting application specific passwords for gmail 2 factor (2 step) authentication

Gmail 2 step authentication is a security measure that greatly reduces the hackability of your gmail account.  But it's also a but of a pain as several items (like the password you enter in your iphone) are no longer your password, but an "application specific password" that google creates for you.

In order to get your application specific password, you need to log on to your google account and go here:
https://www.google.com/accounts/IssuedAuthSubTokens

From there, you'll be able to get your application specific password for entering into different locations that need your gmail password after you've enabled 2 step authentication.