How to Create a Google App Password: Full Step-by-Step Guide

Google permanently disabled the Less Secure Apps setting to enforce better security protocols across all accounts. If you are a developer configuring an SMTP server, a technician setting up an network scanner, or a user connecting an older email client like Thunderbird, your connection will fail without a dedicated application code.

To bridge this gap, you must use a Google App Password. This is a unique 16-digit passcode that allows external applications to securely access your Gmail account without exposing your master password.

This comprehensive guide walks you through the exact process to generate and deploy an app password in under five minutes.

Prerequisites: Turn On 2-Step Verification

Google completely hides the app password generation layout unless your account is reinforced with two-factor authentication.

1. Navigate to the official Google Account Portal.
2. Click on the Security tab located in the left navigation sidebar.
3. Locate the section titled How you sign in to Google.
4. Click on 2-Step Verification.
5. Select Get Started, authenticate your password, and bind a valid phone number or authenticator app to complete the setup.

Step-by-Step: How to Create a Google App Password

Once your account has two-factor authentication running, follow these steps to build your custom password:

1. Locate the App Passwords Portal

Go back to your Google Account Security Panel. Scroll down to the bottom of the 2-Step Verification page, or skip the menus entirely by typing “App passwords” into the top search bar. Alternatively, open the direct link to the Google App Passwords Manager.

2. Name Your Application

Google will prompt you to provide a custom name for the password. Type a highly specific identifier in the text box (e.g., “Java SMTP Server”).

3. Generate and Copy the Code

Click the Create button. A modal window will pop up containing a 16-character code inside a distinct yellow background box. Copy this code immediately. Once you close this window, you will never be able to see this code again.

How to Implement the Password in Your App or Code

When plugging the credential into your development codebase or legacy device configuration, use these exact parameters:

• Username: Your full Gmail address (e.g., [email protected]).
• Password: Paste the 16-character code exactly as generated. Remove any spaces if you copy-paste it into an environment configuration (.env) file or string variable.
• SMTP Server (If applicable): gmail.com
• Port: 465 (SSL) or 587 (TLS)

Troubleshooting: Why is “App Passwords” Missing or Failing?

If you are following these instructions but still cannot locate the option, evaluate the following restrictions:

• Security Key Exclusions: If your Google Account is configured to use physical Security Keys exclusively for 2-Step Verification, Google completely blocks the generation of App Passwords.
• Advanced Protection Program: Accounts enrolled in Google’s Advanced Protection Program cannot utilize legacy app authentication paths.
• Google Workspace Restrictions: If you are using a corporate or school enterprise email account, your organization’s IT Administrator must manually toggle the permission allowing users to manage their own app tokens in the Google Admin Console.
• Master Password Changes: If you modify your primary Google account password, Google will automatically revoke all active app passwords instantly for safety. You will need to delete the old tokens and regenerate new ones.

FAQs