Introduction

If you've ever attempted to link your Google account with a third-party program such as Outlook, Thunderbird, or some ancient mail client, you've probably run up against the frustrating brick wall that is Google's two-step verification (2SV). That's a robust security feature aimed at keeping unauthorized individuals from your account, but every now and then it stands in the way of legitimate applications that don't use more current forms of authentication. Users often face issues when trying to bypass two-step verification for third-party apps, especially those that don't support modern security protocols.

App Passwords do the rescue.đź‘Ť

In a fresh tutorial video on YouTube, the writer takes the reader through a fast and safe approach to bypass two-step verification for third-party apps by App Passwords. It is not disabling 2SV or compromising your account—it's a solution sanctioned by Google and precisely for such an instance.

We will simplify each and everything you have noticed in the video—step-by-step—so that you're able to associate third-party applications with your Google account simply and securely without getting any verification issue.

What Are App Passwords?

App Passwords are special 16-digit passcodes generated by Google to help you sign in to your account from apps or devices that don’t support two-step verification. Instead of using your regular Google password (which would trigger a 2SV prompt that some apps can’t handle), you use this one-time generated password to log in. App Passwords allow users to bypass two-step verification for third-party apps like Outlook and Thunderbird, which otherwise fail to authenticate with standard 2SV.

These passwords act as a secure bridge between your Google account and older applications. For example, if you're trying to connect your Gmail account to Microsoft Outlook or an old Android email client, your standard login won’t work if 2SV is enabled. That’s where App Passwords become essential.

Here are a few key points about App Passwords:

💠You don’t need to remember them—they're generated once and used just for setup.
đź’ They only work with the app and device you generated them for.
đź’ You can revoke them anytime from your Google Account settings.

As shown clearly in the video, App Passwords are not a hack or backdoor—they’re an official feature provided by Google to help users maintain both compatibility and security.

Why Two-Step Verification Intervenes with Third-Party Apps

Two-step verification (2SV) increases security on your Google account by, in addition to requesting your password, also requesting a second verification step—most often a code sent via SMS or using an authenticator app. While as much as it increases the security of your account, it also introduces incompatibility problems with older applications or third-party applications.

Most of those apps weren't created with two-factor authentication. Instead, they require just a mix of the password and username. So when you try to login with your default credentials in one of such applications, Google stops the action from your side.

This issue is demonstrated in the face in the video when the developer attempts to log in with an app, only to be presented with an "incorrect password" response—when in fact it was correct. This is due to the fact that the app is not set up to handle the second level of authentication, and Google simply defaults on accepting the log in.

Some common apps and scenarios in which this happens are:

đź’ Email applications like Microsoft Outlook, Thunderbird, or vintage iPhone/Android mail apps
đź’ Contact and calendar synchronization apps
đź’ Legacy apps which talk to Gmail using SMTP, IMAP, or POP3

This is the very reason why Google has App Passwords—to allow such types of apps to access your account without deactivating your 2SV settings.

đź‘ŤFor a deeper understanding of how network-level protection ties into user authentication, check out this post on understanding IP security architecture.

Prerequisite: Enable Two-Step Verification

Before you can generate an App Password, you must have two-step verification enabled on your Google account. This may seem counterintuitive since you're trying to bypass two-step verification for third-party apps in certain apps, but the App Password feature is actually a part of Google’s two-step verification system.

In the video, the creator walks through this requirement step by step. If you skip this part, the “App Passwords” option won’t even appear in your Google settings.

Here’s how to enable 2SV on your Google account:

Steps to Enable Two-Step Verification:

đź’ Go to myaccount.google.com and sign in.
đź’ From the left-hand menu, click on "Security".
đź’ Scroll down to the section labeled "Signing in to Google".
đź’ Click on "2-Step Verification".
đź’ Follow the prompts to set it up:
➡️You’ll typically be asked to enter your phone number.
➡️Choose whether you want to receive codes via text message or an authenticator app.
➡️Verify the code to activate the feature.

Once done, your account is protected with an extra security layer—yet now you’re also eligible to generate App Passwords, which makes working with older apps much smoother.

Note: This setup only needs to be done once. After enabling it, you’ll have access to the App Passwords section anytime.

How to Generate an App Password (Main Section)

This is the core part of the process shown in the video—generating an App Password to allow third-party apps to access your Google account without triggering two-step verification errors.

The YouTuber provides a clear, hands-on walkthrough, and here's a simplified version you can follow step by step:

Step-by-Step Guide to Generating an App Password

  1. Log in to Your Google Account:
  2. Go to Security Settings:
    • On the left-hand side, click “Security.”
    • Scroll down to the “Signing in to Google” section.
  3. Click on “App Passwords”:
    • This option will only appear if you’ve already enabled two-step verification.
    • You may be asked to enter your Google password again for verification.
  4. Select App and Device:
    • You’ll see two dropdown menus:
      • First, choose the type of app you're setting it up for (e.g., Mail, Calendar).
      • Then, select the device (e.g., Windows Computer, iPhone).
    • If your app/device isn’t listed, select “Other (Custom name)” and enter a label (e.g., “Outlook Mail” or “Legacy Mail App”).
  5. Click “Generate”:
    • Google will create a 16-character App Password, which looks like this:
abcd efgh ijkl mnop
  1. Copy and Use the Password:
    đź’ You only see this password once, so copy it immediately.
    đź’ Go to your third-party app and paste it in the password field instead of your usual Google password.

    👍You can use a strong password generator tool—like the one by Outright Systems—for strengthening your other logins and boosting overall account security.

Important Tips from the Video:
💠Don’t add spaces when typing the App Password.
💠You won’t need to remember it—just use it once to log in on that specific app or device.
đź’ It only works for the app/device combo you selected while generating it.

Once done, your third-party app should connect successfully—without triggering 2SV errors.

đź‘ŤIf you're using Microsoft services, here's how to create an app password in Microsoft Outlook or Office 365 for seamless third-party integration.

Illustration of laptop with lock and phone showing verification code, highlighting how to bypass two-step verification for third-party apps
Visual guide to bypassing two-step verification using App Passwords on devices

Using the App Password with a Third-Party App

Now that you’ve generated the 16-character App Password, the final step is to use it inside your third-party app. This is the part where most people usually hit a wall when trying to sign in with their regular Google password.

As you can see from the video, the author employs a real scenario to show you how to swap your regular password with the App Password in applications such as Microsoft Outlook, Thunderbird, or older email clients on your phone.

How to use the App Password:

Launch the third-party app you're configuring (e.g., Outlook or a mail app on your phone).
➡️Navigate to the account setup or login screen.
➡️Enter your entire Google email address as you normally would.
➡️In the password field, copy and paste or enter the 16-digit App Password you created.
➡️Finish the setup process.

âś… Outcome: The app will log in successfully without asking you to enter a 2-step verification code. That's because the App Password bypasses 2SV for that particular app and device. Well you succeeded to bypass two-step verification for third-party apps.

Example Use Cases:
đź’ Setting up Gmail in Outlook desktop app.
đź’ Syncing Google Calendar with legacy scheduling software.
đź’ Connecting Google Contacts to older CRMs or mobile devices.

Important Note:
đź’ The App Password is valid only for the app and device you chose when you created it.
đź’ If you ever switch the device, app, or disable the Google account, you'll have to create a new App Password.

This is how it works, as nicely illustrated by the video, to allow you to not be sacrificing the security of your Google account while still being able to connect with older applications that are not two-step verification-compatible.

Revoicing and Managing App Passwords

Once you've created and used App Passwords, it's wise to review and manage them every now and then—especially if you are no longer using a specific application or device. This makes your Google account secure and prevents any illegal access.

In the video, the author reminds us in a matter of seconds how easy it is to see and manage the currently available App Passwords from within your Google account settings.

How to View or Remove App Passwords:
đź’ Open https://myaccount.google.com and sign in.
đź’ Scroll down to Security > scroll to "Signing in to Google."
đź’ Click on "App Passwords."
đź’ This is where you will see a list of all the active App Passwords, identified by the name of device or app you used when you created them.

Every device and app pairing is tied to a one-time password entry. When you're done with that pair, it's advisable to remove the App Password.

To remove an App Password:
➡️Click the trash icon (🗑️) next to the entry to remove.
➡️The link will be disconnected immediately, and that app won't be able to use your Google account any longer.

âś… Best Practices
🔯Periodically review your App Passwords and remove unused ones.
🔯Revoke access when a device is lost, sold, or compromised.
🔯Use descriptive names (e.g., "Work Laptop Outlook" or "iPhone Mail") when creating passwords to make management easier.

Keeping your App Passwords organized helps you get the right balance between convenience and security, much like the video suggests.

Security Tips & Best Practices

Although App Passwords provide a secure method to circumvent two-step verification for apps that don't have it, it's important to adhere to some best practices so your Google account stays secure.

The video stresses that App Passwords are not a loophole but a secure feature designed to enhance compatibility without compromising account security. Here's how to use them responsibly:

App Password Security Best Practices

Never Share Your App Passwords
Treat App Passwords as your first login credentials. Even though they're only used within specific apps and devices, anyone with access to one can probably gain access to your email, contacts, or data within that app.

Use Only When Necessary
Only create App Passwords for apps that simply don't support 2SV. If the app supports OAuth or Google Sign-In, use that instead—it's more secure.

Name Your Passwords Clearly
Use names such as "Thunderbird Desktop" or "iPhone Mail" when creating passwords so you can easily identify and keep track of them later.

Revoke Old or Unused Passwords
If you uninstall an app, change devices, or stop using a service, go back to your Google account and delete that App Password.

Turn Two-Step Verification On
App Passwords are meant to be used with 2SV, not as a replacement. Don't disable two-step verification just to avoid creating these passwords.

Be Cautious of Device Security
If an App Password device is compromised or lost, immediately deactivate the App Password to avoid unauthorized use.

These simple and efficient recommendations help you to make the best out of Google's App Password feature without unnecessarily jeopardizing your account. While it's convenient to bypass two-step verification for third-party apps, it's crucial to only use App Passwords for trusted and necessary applications.

Conclusion

App Passwords are a sticking plaster for the outside of the eye, but they are a masterstroke and secure feature that Google has devised so that the user can start their favourite third-party apps—with two-step verification turned off no less.

The video we viewed does a great job of demystifying the process and removing some of the typical misconceptions about 2SV and app support. No matter what your mail client is, Outlook, Thunderbird, or another old app, this method keeps you online without sacrificing account security.

By employing the step-by-step instruction learned in the video—and explained here—you can accomplish the following with ease:

🔯Enable two-step verification,
🔯Generate App Passwords
🔯Use them safely in third-party apps
🔯Eliminate them when you don't require them anymore.

It's a comforting reminder that convenience and security are not necessarily mutually exclusive—you just need to use the proper tools for the task, with the proper care.

âś… Tip: Bookmark your Google App Password page so you can easily access it when you are adding a new device or app.