
Why Application-Specific Passwords Are Necessary

Two-factor authentication - or two-step verification, or whatever a service calls it - requires two things to log into your account. You have to first enter your password, and then you have to enter a one-time-use code generated by a smartphone app, sent via SMS, or emailed to you.

This is how it normally works when you log into a service’s website or a compatible application. You enter your password, and then you’re prompted for the one-time code. You enter the code, and your device receives an OAuth token that considers the application or browser authenticated, or something like that - it doesn’t actually store the password.

However, some applications aren’t compatible with this two-step scheme. For example, let’s say you want to use a desktop email client to access Gmail,, or iCloud email. These email clients work by asking you for a password and then they store that password and use it every time they access the server. There’s no way to enter a two-step verification code into these older applications.

To fix this, Google, Microsoft, Apple, and various other account providers that offer two-step verification also offer the ability to generate an “application-specific password.” You then enter this password into the application - for example, your desktop email client of choice - and that application can happily connect to your account. Problem solved - applications that wouldn’t be compatible with two-step authentication now work with it.

Most people will probably continue on their way, secure in the knowledge they’re using two-factor authentication and are safe. However, that “application-specific password” is actually a new password that provides access to your entire account, bypassing two-factor authentication entirely. This is how these application-specific passwords allow older applications that depend on remembering passwords to function.

Backup codes also allow you to bypass two-factor authentication, but they can only be used once each. Unlike backup codes, application-specific passwords can be used forever - or until you manually revoke them.

The risks are clear: If you have five application-specific passwords generated, there are five passwords that can be used to access your accounts. If the password is compromised, it could be used to access your account.

For example, let’s say you have two-factor authentication set up on your Google account, and your computer is infected by malware.
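Added example, not from the article or any provider’s code: a toy Python model of the login decision described above. The Account class and its current_otp field (a stand-in for the code your phone would show) are assumptions; the point it shows is that the primary password needs a second step, a backup code is consumed on use, and an application-specific password grants the same access with no second step until it is revoked.

```python
import hmac
import secrets
from typing import Optional

# Toy model of how a provider treats the three credentials the article describes.
# Constructed for this example; it is not any real provider's login code.

class Account:
    def __init__(self, password: str, current_otp: str):
        self._password = password          # the primary password
        self.current_otp = current_otp     # stand-in for the one-time code
        self.app_passwords: dict = {}      # label -> generated secret
        self.backup_codes: set = set()     # unused one-time backup codes

    def generate_app_password(self, label: str) -> str:
        # Provider generates a random secret; the user pastes it into an old client.
        secret = secrets.token_urlsafe(12)
        self.app_passwords[label] = secret
        return secret

    def revoke_app_password(self, label: str) -> None:
        # The only thing that ends an app password's validity is manual revocation.
        self.app_passwords.pop(label, None)

    def generate_backup_codes(self, n: int = 5) -> list:
        codes = [secrets.token_hex(4) for _ in range(n)]
        self.backup_codes.update(codes)
        return codes

    def login(self, password: str, second_factor: Optional[str] = None) -> bool:
        if hmac.compare_digest(password, self._password):
            # Normal path: the primary password alone is never enough.
            if second_factor is None:
                return False
            if hmac.compare_digest(second_factor, self.current_otp):
                return True
            if second_factor in self.backup_codes:
                self.backup_codes.discard(second_factor)   # single use
                return True
            return False
        # Application-specific path: a stored app password grants full access
        # with no second step at all, for as long as it exists.
        return any(hmac.compare_digest(password, s) for s in self.app_passwords.values())

    def standing_bypass_credentials(self) -> int:
        # What to review periodically: each app password is a persistent way
        # into the account that skips two-step verification.
        return len(self.app_passwords)
```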