On Thu, Jun 3, 2021 at 9:11 PM Felipe Contreras <felipe.contreras@xxxxxxxxx> wrote: > Eric Sunshine wrote: > > Google requires 2fa to be enabled in order to create app passwords, > > That doesn't make sense. What doesn't make sense? My statement? Or Google's requirements? > It's like complaining that you need to lose a limb in order to use > prostetics... > App passwords are a suboptimal solution in case you cannot use 2fa for a > certain application. Nevertheless, that's what Google requires. > If you cannot use 2fa for any application, then don't enable 2fa, and > then you don't need an app password. Just use your regular password. Google has been clamping down on "regular password" use for third-party applications/sign-ins for several years now and they heavily discourage it. It is still possible to do it, though, by enabling "Less secure apps" explicitly[1]. However, when "Less secure apps" is enabled, they regularly send messages "strongly suggesting" turning it off. I won't be surprised if the "Less secure apps" option disappears at some point. > > Thanks, that's an interesting bit of information, though if a person > > can't enable 2fa in the first place, then... (intentionally left > > blank) > > All you need to enable 2fa is demonstrate that you can *use* 2fa... So > you need an OTP client. I'd be happy to see concrete instructions explaining how to accomplish all of this since each time I attempted it, Google's instructions led me in endless circles, with each cycle always asking for (er, requiring) my non-existent phone number. [1]: https://support.google.com/accounts/answer/6010255/less-secure-apps-amp-your-google-account
