5
When using Google's 2-step verification with services that can't use it, such as mail clients on smartphones and desktops, the solution is to create application-specific passwords for those services. Doesn't that make things less secure than just using one password as this opens up the account to more than one password?
1They can't change your master password through one of the application-specific ones can they? So why would it be less secure? The passwords are also random gibberish, so its not like you should try to remember them – Ivo Flipse – 2012-01-13T08:47:23.513
2For me, 'application specific' is extremely misleading. How exactly is is specific to one application? There are no restrictions on how many applications can use this password, nor is there any type of 'role' restriction. As far as I can tell, it gives full access to your account. – UpTheCreek – 2012-04-19T07:18:55.623
1I can only assume what they mean is that they are specific to applications in general, not to a specific individual application. From what I've tested you cant change your account password using an app specific password. I wouldnt say it gives full access, but it does give anyone who has access to your computer full access to your emails. But this is just the same as using outlook without 2-step verification - the only difference being your master password isnt stored on your computer. – OrangeBox – 2012-04-24T05:38:39.487