Just found the app password option in gmail and outlook, i found it can be used with my mobile client without logging in to google id in browser, if dont want to login to gmail and outlook in a browser, is it good to use and secure?
Google itself says its not recommended. any thoughts.
Are you talking about the password manager on google?
Yeah do not use their built-in password manager. I found out that all my passwords, from when I used to use Chrome browser, were synced to my google account. I deleted that shit immediately.
Luckily those were old accounts and/or outdated passwords so it was not a big privacy breach.
Do not use app passwords if whatever you are logging in with supports the normal way of logging in.
App passwords circumvent 2FA and are generally generated in a set way, e.g. 12 characters long, no special characters etc.
1 Like
They do have high entropy in them. Also any reliable service (Google, Microsoft, etc) will lock you out after certain number of attempts and slow down attempts.
App passwords used to be needed for Thunderbird users, but then OAUTH was added. Some older mobile mail clients may still need app passwords for interoperability.
Minimize if possible. Otherwise use them in apps/tools, and don’t be typing them in or used as a saved password for login purposes…