When you activate Googles two-factor authentication you will have to use some application specific passwords for applications that don't support two-factor authentication. How does the application specific passwords work and are they more secure than regular login and password?
How does application specific passwords with Googles two-factor auth work
googlepasswordsSecurity
Related Topic
- Facebook – How, exactly, does a Facebook worm work
- Google Security – Retrieving Past Application Specific Passwords
- Outlook.com – Does Hotmail Offer Two-Factor Authentication?
- Twitter – Verification by SMS in Germany with Long Code
- Google-drive – Google Keep Does not work after turning on 2-factor Authentication on Google Account
- How to enable Application Passwords for an account in Office365 Business
Best Answer
Application specific passwords are extra passwords for your account. While you give the password a name, it doesn't explicitly tie that password to a specific application. That feature allows you to easily deactivate, by device or application, the password in question.
In some respect, they could be seen as a security vulnerability. That's why you should never write them down. An app-specific password could be used by an attacker to sign-in to your account. However, I don't think there's a way to fully hijack the account (change the main password with the app-specific one). So, there's only a limited benefit to an attacker if they compromise your account with an app-specific password.
App-specific passwords are going to protect your primary authentication information from being compromised. They're required when you turn on 2-factor authentication, because there are some apps that won't accept the 2nd factor token. The app-specific password is a temporary work around until other apps can add support for 2-factor authentication.
2-factor authentication requires more than just your password (in this case, your phone) in order to compromise your account. And, in that respect, the combo of 2-factor auth and app-specific passwords are doing a whole lot of good, keeping your account safe and away from any hijacking attempts.