Re: Questions about gmail app passwords
On 25Apr2016 19:45, Grant Edwardswrote: On 2016-04-25, David Champion wrote: * On 25 Apr 2016, Grant Edwards wrote: [regarding Google "app passwords"] Do you need different, unique passwords for mutt, imap, msmtp, offlineimap, and all other IMAP or SMTP clients on a particular machine? Are you required to use the same password for mutt on all machines? No. You can create as many application-specific passwords as you need at https://security.google.com/settings/security/apppasswords. Each can be tagged with an application name and a device name to help you remember where you're using that password, but they're all equivalent. Google doesn't pick up on what each one is specifically being used from, although they may track whether passwords are being used at all. Choose your own granularity. David, thank you for this information; I've been wondering exactly the same thing recently. I'll probaby go with a single "app password" per account per physical machine. Next I suppose I should figure out how to use gpg-agent so I don't store them in plaintext. It would be nice if I could somehow combine ssh-agent and gpg-agent so I don't have to enter a passphrase twice... A shell wrapper using expect might to the trick. Personally I'm going to enter my passphrase twice. Gpg-agent does work; I used to use it and intend to fix it up again (I forget what troubles I had, they probably revolved around poor agent setup on my part). Cheers, Cameron Simpson
Re: Questions about gmail app passwords
On 2016-04-25, David Championwrote: > * On 25 Apr 2016, Grant Edwards wrote: [regarding Google "app passwords"] >> Do you need different, unique passwords for mutt, imap, msmtp, >> offlineimap, and all other IMAP or SMTP clients on a particular >> machine? >> >> Are you required to use the same password for mutt on all machines? > > No. You can create as many application-specific passwords as you need > at https://security.google.com/settings/security/apppasswords. Each > can be tagged with an application name and a device name to help you > remember where you're using that password, but they're all equivalent. > Google doesn't pick up on what each one is specifically being used from, > although they may track whether passwords are being used at all. > > Choose your own granularity. Thanks. I suspected that was the case, but thought perhaps Google might be trying to fingerprint the connection attempts to actually identify the application and/or machine. The Google documentation is pretty much mute on the subject, and third party write-ups never address it either, they just provide a recipe for making it work with one app on one machine (actually in one case two apps on one machine, and it just stated: "create two passwords" with no explanation). I could have created a throw-away Gmail account and do some experiments to figure this out, but it didn't seem like something I wanted to do via trial-and-error on my "production" machines with my real accounts. I'll probaby go with a single "app password" per account per physical machine. Next I suppose I should figure out how to use gpg-agent so I don't store them in plaintext. It would be nice if I could somehow combine ssh-agent and gpg-agent so I don't have to enter a passphrase twice... -- Grant Edwards grant.b.edwardsYow! Now, let's SEND OUT at for QUICHE!! gmail.com
Re: Questions about gmail app passwords
* On 25 Apr 2016, Grant Edwards wrote: > When one enables Google two-step verification, one can generate > "application specific" passwords for use by programs like mutt, > offline-imap, msmtp, exim, fetchmail, etc. I've been reading both > Google and third-party documentation on this, and can't find any > description of what "application specific" actually _means_. It means nothing. You can think of it as "supplementary password". > Do you need different, unique passwords for mutt, imap, msmtp, > offlineimap, and all other IMAP or SMTP clients on a particular > machine? > > Are you required to use the same password for mutt on all machines? No. You can create as many application-specific passwords as you need at https://security.google.com/settings/security/apppasswords. Each can be tagged with an application name and a device name to help you remember where you're using that password, but they're all equivalent. Google doesn't pick up on what each one is specifically being used from, although they may track whether passwords are being used at all. Choose your own granularity. -- David Champion • d...@bikeshed.us