captainepoch's log

Google has ‘App passwords’

If you have the famous 2-auth factor turned on for your Gmail account, you have to enter a 6-digit numeric code each time you log in to your account, right? Welp, there are applications that don’t let you do that because they don’t support Gmail’s OAuth2 (they have their reasons, of course).

An example is a better explanation: you want to set up Mutt (because it’s the best mail client ever made). So you go to the .muttrc file and put your password in plain-text (don’t do that, please). After that, you execute whatever-you-have-set-up to sync your mail and PUM!… It fails and someone killed a kitty because of that (sad story :().

But it fails because of the 2-auth factor (supposing that you did all the config correctly). Here’s the thing: you don’t need the 2-auth code to use Mutt with your GMail account.

App passwords

As the title says, it’s a password for each app you want. I saw two advantages to using it:

You might think it can be a security problem. Note that if you want to set it up, you first have to set up the 2-auth factor. So you have 2 steps to log in to your account (and it’s difficult for someone else to know those 2 things if you’re careful).

Set up

You have to go to App passwords. If you don’t want to click on that, follow these steps: My Account -> Sign-in & Security -> Go down until you see “Signing in to Google” -> Click on App passwords.

You’ll see something like this:

Image 1 - App passwords without any

Obviously, it’s empty. In order to create an app password, you need to choose the app you want and the device on which you’re going to use it. If you choose “Other” in both dropdowns, it lets you enter the name you want (e.g. Mutt - Nexus 4). You can see that in the next two images:

Image 2 - First dropdown

Image 3 - Second dropdown

After completing those two things, you click on Generate, and then this appears:

Image 4 - Assigned password

In this fourth image I blurred the password, but it is 4 blocks of 4 characters. Once it’s generated, you MUST use it before clicking on Done. Why? Because once you click on it, you won’t be able to see it again. It means you’ll have to revoke it and generate a new one (which may force you to resync 1 to n apps).

And after all these steps, you’ll see this:

Image 5 - One password generated
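
On the Mutt side, the generated app password goes where the account password would normally go. The fragment below is an added example, not part of the original post: it shows the plain-text setting next to a variant that reads the app password from a GPG-encrypted file. The address `user@gmail.com`, the path `~/.mutt/gmail-app-pass.gpg` and the use of GPG are assumptions.

```muttrc
# ~/.muttrc (constructed example; address and file path are placeholders)

# Weak: the app password sits in the file as plain text.
# set imap_pass = "xxxx xxxx xxxx xxxx"

# Better: store the app password in a GPG-encrypted file, created once with
#   gpg --encrypt --recipient <your-key-id> --output ~/.mutt/gmail-app-pass.gpg
# (type or paste the password on stdin, then Ctrl-D).
# Mutt replaces a backtick expression with the output of the command,
# so the password is decrypted at start-up and never written to .muttrc.
set imap_user = "user@gmail.com"
set imap_pass = "`gpg --batch --quiet --decrypt ~/.mutt/gmail-app-pass.gpg`"

# Reading mail over IMAP with TLS
set folder    = "imaps://imap.gmail.com:993"
set spoolfile = "+INBOX"

# Sending mail over SMTP with TLS, reusing the same app password
set smtp_url  = "smtps://user@gmail.com@smtp.gmail.com:465/"
set smtp_pass = $imap_pass
```

If the file or the device is ever lost, revoking that one entry on the App passwords page cuts off Mutt without touching the account password or any other app.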


App passwords are a great idea because of the reliability for the user. You can generate all the passwords you want (even one for each app you’re going to use) and not worry about needing your mobile phone every time (only when you’d like to generate new passwords).

I suggest you try this with the mail client K-9 Mail.