Jump to content
  • Google no longer allows username and passwords on third-party email applications

    Karlston

    • 2 comments
    • 654 views
    • 4 minutes
     Share


    • 2 comments
    • 654 views
    • 4 minutes

    A couple of weeks ago, people started noticing that apps such as Outlook, Thunderbird, and other email clients started prompting them for their Google passwords. When they would re-enter their Google password, it would get rejected saying it was incorrect.

     

    Google started locking down its email service and how it connects to third-party email clients, finally retiring “less secure apps”. When enabled, it allowed you to use your main Google email address and password to sign into an email client, weakening the overall security of your Google account.

     

    You can still use Google on third-party apps, but the app must support either “OAuth2” (An authentication method that opens a dialog box allowing you to authenticate by signing into Google and allowing the application access to your Google account), or you must use an app-specific password.

     

    App-specific passwords are used in conjunction with two-factor authentication on your Google account.

     

    Most applications do not know how to handle two-factor. Thus, giving you no way to enter an authentication code, so app-specific passwords were created.

     

    This allows you to create a special password on a per-application basis. Once created, instead of giving an application such as Outlook your Google password you give it an “app-specific” password instead.

     

    There are still people out there who have yet to enable two-factor (2FA) authentication on their Google accounts.

     

    2FA greatly enhances the security of a Google account. This type of authentication is separated into 3 different groups:

     

    • Something you know - A password.
    • Something you have - A phone in your possession that gets a text message, a code generated by an authentication app, or a sign-in prompt.
    • Something you are - Your fingerprint or face.

     

    Without 2FA enabled, all you have is “something you know”, which could also be something an attacker knows, too. That is if you accidentally give out your credentials from a phishing email or they were obtained from a website breach.

     

    Once 2FA is enabled, even if an attacker were to find out your password, they would be prompted by an authentication code that only you have in your possession.

     

    You are probably thinking to yourself, “Well that sounds pretty cool. How do I turn that on?" I’m glad you asked.

     

    • First, log into your Google account.
    • Next, click your profile icon (circle) in the top right corner of the screen and click “Manage your Google Account”.
    • Click “Security” on the left-hand side of the screen.
    • On the right, scroll down until you see “2-Step Verification” and click it to start enabling two-factor authentication.

     

    • 1655640858_singing_into_google.jpg

     

    1655640853_get_started.jpg

     

    • In that same section, you will also see “Backup Codes”. Print a copy of these, as it gives you a sheet of 10 one-time use codes as a form of “Get out jail free” in case you lose access to your phone or authentication app.

    1655641445_backup_codes.jpg

    • Once you are finished enabling 2FA and printing off a copy of your backup codes, go back to the security section of your Google account.
    • You’ll see an option called “App password”. Click it and enter your Google password.

     

    1655640848_app_password.jpg

     

    • Click “Select app”, and select an option from the drop-down menu. The same goes for “Select device”.
    • Once finished, click “Generate” and it will give you a nice random-looking password. Copy it and paste (or type it) it into your email client.

     

    Your email program should be able to send and receive emails again.

     

     

    Google no longer allows username and passwords on third-party email applications


    User Feedback

    Recommended Comments

    • Administrator

    Security wise, the idea is good. But practically, unless there's a more easy way to do this, it is going to be a big problem for the users I think.

    Link to comment
    Share on other sites


    Great write up but unfortunately obsolete (I think) Google in all their wisdom has elected to get rid of the App passwords feature. Causing me no end of headaches as I share a Gmail address (but different computers) with my wife and neither of us is happy with IMAP on our shared account. 

     

    Any solutions out there?

     

    Thanks

    hip

    Link to comment
    Share on other sites




    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...