How to Create a Gmail Application-Specific Password for POP/IMAP

Generate a special password for your desktop email program

Two-factor setup protects your account from certain kinds of password compromises.

 Google

by Heinz Tschabitscher
Updated June 05, 2018

Two-factor authentication on your Google account requires a special code—either through a text message or through a mobile app—to accompany your username and password. However, programs like desktop email clients (think Microsoft Outlook or Mozilla Thunderbird or Evolution) cannot send a two-factor challenge response. The solution? An app-specific password, which is a special password tied to your account that's used only for a specific program, service or situation.

Create a Gmail Application-Specific Password

Screenshot showing how to generate a Gmail app password

To generate a new password for an email program, utility or add-on to access your Gmail account through IMAP or POP with two-step authentication enforced:

  1. Click your name or photo near your Gmail inbox's top right corner.
  2. Follow the My Account link in the sheet that has appeared.
  3. Click Signing in to Google under Sign-in & security.
  4. Under the Password & sign-in method section, click App passwords.
    1. If prompted for your Gmail password, enter your password over Enter your password and click Next.
  5. Make sure Mail or Other (custom name) is selected in the Select app drop-down menu. If you selected Mail, choose a computer or device from the Select device menu. If you selected Other (custom name), type the application or add-on and, optionally, device (like "Mozilla Thunderbird on my Linux laptop") over e.g. YouTube on my Xbox.
  6. Click Generate.
  7. Find and immediately use the password under Your app password for your device. Type or paste the password into the email program, Gmail add-on or service immediately. You will not see it again.
  8. Click Done.

Managing App-Specific Passwords

Screenshot showing app passwords used for Gmail

The value of an application-specific password is that you can revoke and regenerate a password on a service-by-service basis instead of having to change the master password to your account. If you do need to create a new app-specific password for a program or service, revoke passwords previously set up but no longer used for the same application.

It's best practice to use an app-specific password only for a single service. You are free to generate as many app-specific passwords as you like.

Besides your Google account, you should set up two-factor authentication for a wide range of accounts, and also for your social-media accounts.