As I explained in the previous article, Google’s 2-step verification provides an additional layer of security against hijacked email. Once you’ve set it up, you won’t be able to log onto the Gmail website from a strange computer until you receive a code that Google texts to your cellphone. In other words, someone trying to hack your account would need your password and physical access to your phone.
But you don’t always access Gmail through a browser. How do you handle 2-step verification with email software, whether it’s a Windows program or an Android or iOS app?
[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to firstname.lastname@example.org.]
Sometimes it’s not an issue. If Google wrote the app, chances are that 2-step verification is built into the code.
Otherwise, you’ll have to go through Google’s Apps passwords feature, which you can access from the Gmail web page.
Click the Tool icon near the upper-right corner of the window (it looks like a gear) and select Settings. Click the Accounts and Import tab, then the Other Google Account settings link, near the top of the page.
On the new page, click the Security tab. (You’ll find an illustrated version of these instructions in the earlier article.)
Now click the Settings link next to “App passwords.” You may have to enter your password again.
This takes you to the App passwords page. You’ll find a list of your existing app passwords (assuming you have any). Below the list, you’ll find a simple form for generating an app-specific password. Select the type of app, the type of device, and click Generate.
Google will generate and display a password that you can enter into the app’s password field. This password will only work for that particular program, and will only be displayed this once (so have your device or app ready). You can stop access to your account from an app password by clicking the appropriate Revoke button on the Apps password page.