The wording is kind of ambiguous, but it seems that App-Specific Passwords will continue working
> If you have scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails, you’ll need to either: configure them to use OAuth, use an alternative method, or configure an App Password for use with the device.
> All Other Applications. If the app you are using does not support OAuth, you will need to switch to an app that offers OAuth or create an app password to access these apps.
It wasn't 100% clear to me either. The wording clearly says SMTP will support app passwords, but no clear indication if IMAP will still support them.
But I asked Google Workspace Support specifically about this yesterday, and they said:
> The application passwords will support IMAP, POP, and all SMTP configurations. Rest assured that OAuth serves as an alternative, offering a straightforward configuration process for any third-party application.
The second sentence was just them continually pushing adopting OAuth. I'd love to, but the cost of the (recurring) security review is not feasible for our small SaaS app, so we'll be sticking with app passwords (thankfully).
> If you have scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails, you’ll need to either: configure them to use OAuth, use an alternative method, or configure an App Password for use with the device.
> All Other Applications. If the app you are using does not support OAuth, you will need to switch to an app that offers OAuth or create an app password to access these apps.