If you type an incorrect set of credentials, and then cancel a password prompt, Outlook may continue to send requests with the incorrect set of credentials. This could cause an account lockout.
To fix this issue, install the April 2, 2019, update for Outlook 2016 (KB4464502).
After you apply it, Outlook 2016 no longer sends requests by default during Need Password.
With the June 4, 2019, update for Outlook 2016 (KB4464585), the default behavior is changed to enable Outlook 2016 to send requests during Need Password. If you need to revert to the previous behavior, set the value of the AllowRequestsInNeedPasswordBehavior registry key to 0.
Value Name: AllowRequestsInNeedPasswordBehavior
The default value is 3. Any value greater than 2 allows both legacy and MAPI/HTTP providers to send requests during Need Password. This could lead to an account lockout if an incorrect password is supplied.
If the value of the registry key is set to 0, neither legacy nor MAPI/HTTP providers can send requests during Need Password.
If the value of the registry key is set to 1, legacy providers can send requests, but MAPI/HTTP providers can't.
If the value of the registry key is set to 2, legacy providers can't send requests, but MAPI/HTTP