Set up 2-Step Verification

Sign in to mobile or desktop apps

image of application-specific password to phone

Users enrolled in 2-Step Verification need to periodically enter a special verification code, in addition to their username and password, to sign in to Google Apps. When signing in from a web browser, they're prompted to enter this code after entering their password. However, desktop and mobile applications aren't configured to accept a verification code—there's no field for entering it. In these cases, they need to sign in by entering another type of code—called an application-specific password—in place of their Google Account password.

How do my users generate and use application-specific passwords?

Have your users follow the instructions in Sign in using application-specific passwords.

If these directions don't work, you can try these alternate directions
 
If this link doesn't work, follow these steps:

  1. Sign in to your Google Apps Gmail Account and click Account Settings (at the top right corner of the window).

  2. Click Authorizing applications & sites. (Note: You can only generate application-specific passwords if you're enrolled in 2-Step Verification).
  3. Go to your Authorized Access to your Google Account page: https://www.google.com/a/your_domain/IssuedAuthSubTokens. Be sure to replace "your_domain" with your actual domain name.

  4. Enter your password, if prompted.

  5. On your Authorized Access to your account page, provide a descriptive name for your application-specific password, such as "Gmail Android". (This lets you remember which application it's for, in case you later need to revoke it).

  6. Click Generate password.

2-Step Verification in a browser vs. a desktop or mobile app

  Web Browser application Desktop application or mobile application
  2-step-verification sign in page
What Enter a 2-Step Verification code Enter an application-specific password
How Get a verification code each time you need one, from your phone Get an application-specific password once from your Authorized Access to your Google Account page on the web
When Once a month or when otherwise prompted Only once when you set up a new application/device after you've enrolled in 2-Step Verification
Where On a second page that appears after entering a username and password In your Google Apps Password field

Deployment tips for Google Apps administrators

We recommend administrators to set up a deployment day where your users take their phones and laptops to your Help Desk. We recommend that your IT staff sets up 2-Step Verification for your users and enters the application-specific passwords where needed in their mobile devices and desktop applications. We also recommend that you train your users when to use 2-Step Verification codes and how to get their codes. See the 2-Step Verification email template to send your users and point your Help Desk or Support staff to this article and Troubleshoot 2-Step Verification to help them get up to speed.

API Developers

If you are a Google Apps API developer and use ClientLogin authentication, after you enroll in 2-Step Verification, you'll need to use an application-specific password in place of your regular password.

Application-specific passwords are machine-generated passwords that you enter in your password field. Application-specific passwords are shown only at creation time, so for persistent API access, we recommend storing them in a secure place, as you would your password. Application-specific passwords do not expire, however, you can revoke them. For more information, see Turn off 2-Step Verification.

How to use your application-specific passwords with APIs

For APIs using ClientLogin authentication, use your API application-specific password in the Passwd attribute when making a POST request to the ClientLogin resource. An XML example of the POST request's body:

Email=admin@example.com&Passwd=access_code&accountType=HOSTED_OR_GOOGLE&service=apps

There is no difference between an application-specific password used for API access and an application-specific password used to access a desktop or mobile application: both are equivalent and provide the same privileges. To create an API application-specific password, follow the directions in Sign in using application-specific passwords.