Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Submitted title is misleading. Turns out, it's not "all but OAuth", it's "all but OAuth and app password".

If you can't switch to OAuth, you can simply create an app password and continue using that as your IMAP password as usual.



This is surprisingly non-shitty by Google. I must admit that I didn't know that before. Can you limit such a passcode to just IMAP/SMTP, or can it be used to log in to other parts of Google?


They provide full access to your entire google account, but you can create as many as you want and revoke them whenever you feel like it.


This passcode is inherently limited to the service it bound to (IMAP or POP3), that's the whole point: don't expose your account password to something which only needs a finer-grained access.

Edit: that's incorrect, see replies.


"This App Password provides full access to your Google account"

-- Google, when you make an App Password


Ah, ok, I just tried and I'm wrong. That's correct, it provides full access.


You're directly contradicting your sibling comment. I guess I'll experiment with this in the coming days, although I'm a little worried tinkering too much will just completely lock me out of my account.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: