If you got the famous 2-auth factor turned on at your Gmail account, you have to put a 6-digit numeric code each time you log in into your account, right? Welp, there’s applications that doesn’t allow you to do that because they don’t have the GMail’s OAuth2 support (they have their reasons, of course).
An example is a better explanation: you want to set up Mutt (because it’s the best mail client ever made). So you go to the .muttrc file and put your password in plain-text (don’t do that, please). After that, you execute whatever-you-have-set-up to sync your mail and PUM!… It fails and someone killed a kitty because of that (sad story :().
But it fails because of the 2-auth factor (supposing that you did all the config correctly). Here’s the thing: you don’t need the 2-auth code to use Mutt with your GMail account.
As the title says, it’s a password for each app you want. I saw two advantages to use it:
- You can use it in whatever application you want (not the web).
- You don’t have to have your mobile by your side to put the 6-digit code.
You might think it can be a security problem. Note that if you want to set up it, you first have to set up the 2-auth factor. So you have 2 steps to log in into your account (and it’s dificult to know that 2 things if you’re careful).
You’ll see something like this:
Obviously, it’s empty. In order to create one app password, you need to set up the app you want and the device in which you’re going to use it. If you choose “Other” in both dropdowns, it lets you to put the name you want (e.g. Mutt - Nexus 4). You can see that in the next two images:
After completing that two things, you click on Generate, and then this appears:
In this fourth image I blured the password, but it is a 4-block of 4 characters. Once it’s generated, you MUST use it before clicking on Done. Why? Because once you click on it, you’ll not be able to see it again. It means you’ll have to revoke it and generate a new one (which it may cause to resync 1 to n apps).
And after all this steps, you’ll see this:
App passwords is a great idea because of the reliability for the user. You can generate all the passwords you want (even one for each app you’ll going to use) and don’t worry about the fact you’ll need your mobile phone every time (only when you’d like to generate new passwords).
I suggest you to try this with the mail client K-9 Mail.