If you use apps on mobile devices for any Google service, you will need to have application specific passwords for apps which aren’t compatible with 2-step verification, to be able to access Google from them.
If you only access Google from your computer you do not have to worry about application specific passwords.
You will need to generate some passwords that will only need to be inputted once for each application on a device. Click on App specific passwords tab on the top of the page and then Manage application-specific passwords.
Figure 12 Manage your passwords for your mobile device(s).
You will of course be asked to login again.
In the past, I have used my Gmail account on my smartphone and tablet using a third party email app. To use the app I had to generate a password. I typed MailDroid Phone (MailDroid or K9 are good 3rd party email applications) in the box provided on the webpage that loaded.
Figure 13 Generating passwords for apps
Once you have typed the application name click on Generate password. On the next screen your one time only password will appear as illustrated in the next figure:
Figure 14 2-step authentication passwords generated screen
Notice that the application that you specified appears at the bottom of the screen? This is the beginning of a list of passwords you will have to generate for every application on all your mobile devices that you want to connect to Google. Click on Done to generate more passwords.
Google allows you to Revoke the password at any time by logging into your account. By doing this, if you lose your phone/tablet or other device then you can delete the passwords stopping anyone from accessing your account from that device.
If you have more than one device where you use the same application (for example, K9 on a tablet and a phone) I would recommend that you put the device name in the application name you chose. For example, you could use K9Phone or K9Tablet depending on your preference.
Now that you have your password, type it in to the password field of the application that you want to use on your device.
For MailDroid, I clicked on the email address, chose Edit and typed in the confirmation code without spaces into the password field. I was able to refresh the email as normal.
A word of warning, if you use MailDroid or another application that downloads your email, even if you use 2-step verification, someone could still access information already downloaded on to your phone.
Even if you have put a generated password in the application, information already on there can still be accessed after you have revoked the password. However, they won’t be able to download new emails, therefore 2-step authentication should not be used as a replacement for password protecting your device and enabling encryption.