How to Create a Gmail Application-Specific Password for POP/IMAP

Generate a special password for your desktop email program

by Heinz Tschabitscher
A former freelance contributor who has reviewed hundreds of email programs and services since 1997.
Updated November 11, 2019

Two-factor authentication on your Google account requires a special code—either through a text message or through a mobile app—to accompany your username and password. However, programs like desktop email clients (think Microsoft Outlook or Mozilla Thunderbird or Evolution) cannot send a two-factor challenge response. The solution? An app-specific password, which is a special password tied to your account that's used only for a specific program, service or situation.

Google Account Security page on macOS Desktop

Create a Gmail Application-Specific Password

To generate a new password for an email program, utility or add-on to access your Gmail account through IMAP or POP with two-step authentication enforced:

  1. Click your name or photo near your Gmail inbox's top right corner.

  2. Tap or click the Google Account button in the sheet that has appeared.

    Google Account button in Gmail Gear icon

  3. Click the Security button in the left-hand sidebar.

    Security category in Google Account

  4. Scroll to the Signing in to Google section.

  5. Under the Password & sign-in method section, click App passwords.

    App passwords button in Signing in to Google section

    If prompted for your Gmail password, enter your password over Enter your password and click Next.

  6. Make sure Mail or Other (custom name) is selected in the Select app drop-down menu. If you selected Mail, choose a computer or device from the Select device menu. If you selected Other (custom name), type the application or add-on and, optionally, device (like "Mozilla Thunderbird on my Linux laptop") over e.g. YouTube on my Xbox.

  7. Click Generate.

    Generate button in App passwords for Google Account

  8. Find and immediately use the password under Your app password for your device. Type or paste the password into the email program, Gmail add-on or service immediately. You will not see it again.

  9. Click Done.

Managing App-Specific Passwords

Screenshot showing app passwords used for Gmail

The value of an application-specific password is that you can revoke and regenerate a password on a service-by-service basis instead of having to change the master password to your account. If you do need to create a new app-specific password for a program or service, revoke passwords previously set up but no longer used for the same application.

It's best practice to use an app-specific password only for a single service. You are free to generate as many app-specific passwords as you like.

Besides your Google account, you should set up two-factor authentication for a wide range of accounts, and also for your social-media accounts.