In a sense it does. They provide different random 16 characters passwords for each of the client that request access to your data and does not support two-factor.
So if someone hacks your gmail password, they still cannot login via IMAP or POP, as they require different password (which you shouldn't write down or remember anyway).
So if someone hacks your gmail password, they still cannot login via IMAP or POP, as they require different password (which you shouldn't write down or remember anyway).