Skip to content
AskVault Docs
Try Free →

Gmail app password setup

Written by , Founder, AskVault · Reviewed by Aashiq
Last updated: · 2 min read

When to use an app password

OAuth is the preferred path for Gmail. Use app password only when:

  • Legacy 2-Step setup that doesn't expose OAuth.
  • Shared mailbox without OAuth support.
  • Workspace-domain restrictions blocking OAuth third-party apps.

For 90% of cases, use OAuth setup instead.

Prerequisites

  • Google account with 2-Step Verification enabled. Required for app passwords.
  • Mailbox access (Gmail or Google Workspace).
  • AskVault Growth or above.

Generate the app password

5 minutes:

  1. Visit myaccount.google.com/apppasswords.
  2. Sign in if prompted.
  3. Select app: Mail.
  4. Select device: Other (custom name). Name it "AskVault".
  5. Click Generate.
  6. Copy the 16-character password (e.g., abcd efgh ijkl mnop).
  7. Click Done.

The password shows once. Don't lose it; you can regenerate but old one stops working.

Paste into AskVault

  1. Open Deploy Hub > Email > Connect via IMAP.
  2. Enter Gmail address as username.
  3. Paste the app password (with or without spaces; AskVault normalizes).
  4. IMAP server: imap.gmail.com, port 993, SSL.
  5. SMTP server: smtp.gmail.com, port 465, SSL.
  6. Click Test Connection.
  7. Save.

Email channel active within 60 seconds.

Security considerations

App passwords bypass 2FA for the specific app:

  • Treat like a password. Never commit to git, never share.
  • Scope is limited: read mail + send mail. Doesn't grant full account access.
  • Revoke any time at the same URL where you created it.
  • Doesn't expire until you revoke.

For maximum security, rotate every 6 to 12 months.

Limits

  • App passwords per Google account. Up to 25.
  • No expiration until manually revoked.
  • Setup time. About 5 minutes end-to-end.
  • Per-app scope. Mail only; other Google services unaffected.
  • Email-poll cycle. Every 60 seconds default.

Common pitfalls

"Less secure app" error. Old terminology. App passwords replaced "less secure apps" in 2022.

App password option missing. 2-Step Verification not enabled. Enable first under Google Security.

Workspace admin blocks app passwords. Google Workspace policy may disable. Use OAuth instead, or ask admin.

Connection works briefly then fails. Google sometimes auto-revokes after suspicious activity. Regenerate.

FAQ

Why not just use my regular password?

Google deprecated regular-password access for IMAP/SMTP in 2022. App password is the modern alternative.

Can I use the same app password for two services?

Technically yes, but recommended one per service for cleaner revocation.

What if my Workspace admin disabled app passwords?

Switch to OAuth via IMAP and SMTP setup or ask the admin to allow.

Was this page helpful?