I have a feeling that the first time I have to redo the 2 step authentication for my Google account (30 days after I set it up initially) on every app/device I use, I will promptly disable it.
15 comments
 
That means you're using it wrong. Any device or app that you don't want to have to set up for continuous access to your Google account needs to use an app-specific password that you get assigned through the security dashboard. If it has that password, it never requires you to input it again unless you wipe out the password.
 
Can't you set it to last forever, 1 year, or at least longer than 1 month?
 
+Michael Banks As I understood it, all apps need to be reauthenticated every 30 days. Is that not the case with app specific passwords? It would make my life a lot easier if they did last forever.
 
That's incorrect as I understood it, unless it has changed in the last few months. I have been using it for years. Only when you use the authentication app to log in to public, non-trusted computers do you have the option to save the login for 30 days.
 
Application-specific passwords don't expire. When you log in to a Gmail account you require an authentication code, which is created using your phone. You have an option to save it for 30 days, and then you have to do it again.
 
Sorry, didn't realize it was all cleared up. Two Step is the best thing you can use for peace of mind.
 
Wait, I'm confused. There are 2 options:

1. Using 2-step authentication for everything you want to access (app or device) - this is a royal PITA and requires you to re-do it for all your stuff every 30 days

2. Using app-specific passwords is a PITA to set up initially, but then only needs to be updated/re-authenticated if YOU MANUALLY reset the password through your Google account.

Both are a pain to set up, but Option #2 means that you don't have to re-do it every 30 days, and is the 'correct' way to set things up.
 
I'll give you an example situation.
 
Let's say that you've set up Google's Two Step Verification. Let us say, for example, that you're using Microsoft Office Outlook for your Gmail email. In order for this application to work, it will require an application specific password, so you create one and use that as the "password" in Microsoft Office Outlook. That password will never expire unless you modify Google's Two Step Verification in some way. For example, you turn it off, or you decide that you no longer want to use Microsoft Office Outlook to read your Gmail email and therefore you delete the application specific password because it's redundant.

Carrying on, let's say you go to a friend's house and you ask him if you can use his computer to check your Gmail account for new emails. Once you go to Gmail and enter your email address and password, you will be redirected to a "verification" page where it will request you to enter your "authentication code", which is generated with your phone. After entering the "authentication code" you have an option to save that code for 30 days so that you don't have to enter it each time you log in to your Gmail account on your computer. However, because you're at your friend's house, you de-select that option because it is not your home computer.

Application specific passwords can only be used with applications. Here are some examples:

- Mail on iOS
- Setting up an Android device with your Gmail account
- Google Talk for Windows/Other IM Clients
- Gmail Notifier Applications

Authentication codes can only be used when logging into Gmail on a browser.

You are not able to use an application specific password to log in to Gmail on a browser.

Hopefully this clears up your confusion.

Honestly, it really isn't a pain to use. You set up the passwords for applications once, and as long as you don't "turn off" Two Step Verification none of the "application specific passwords" will need to be changed.

You could change your Gmail password if you wanted to and all your devices using an "application specific password" would not need to be updated. You make the passwords once, and they last for as long as you are using Two Step Verification.