Hacker News new | past | comments | ask | show | jobs | submit login

This is surprisingly non-shitty by Google. I must admit that I didn't know that before. Can you limit such a passcode to just IMAP/SMTP, or can it be used to log in to other parts of Google?



They provide full access to your entire google account, but you can create as many as you want and revoke them whenever you feel like it.


This passcode is inherently limited to the service it bound to (IMAP or POP3), that's the whole point: don't expose your account password to something which only needs a finer-grained access.

Edit: that's incorrect, see replies.


"This App Password provides full access to your Google account"

-- Google, when you make an App Password


Ah, ok, I just tried and I'm wrong. That's correct, it provides full access.


You're directly contradicting your sibling comment. I guess I'll experiment with this in the coming days, although I'm a little worried tinkering too much will just completely lock me out of my account.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: