Set up 2-Step Verification
Sign in to mobile or desktop apps
Users enrolled in 2-Step Verification need to periodically enter a special verification code, in addition to their username and password, to sign in to G Suite. When signing in from a web browser, they're prompted to enter this code after entering their password. However, desktop and mobile applications aren't configured to accept a verification code—there's no field for entering it. In these cases, they need to sign in by entering another type of code—called an app password—in place of their Google Account password.
How do my users generate and use app passwords?
Have your users follow the instructions in Sign in using app passwords.If these directions don't work, you can try these alternate directions
- Sign in to your G Suite Gmail Account and click Account Settings (at the top right corner of the window).
- Click Signing in to Google. (Note: You can only generate app passwords if you're enrolled in 2-Step Verification).
- Go to your App passwords page: https://security.google.com/settings/security/apppasswords.
- Enter your password, if prompted.
- On your App passwords page, select the relevant app under Select app, or Other to provide a descriptive name for the app, such as "Gmail Android".
- Select a device under Select device. (Steps 5 and 6 help you remember which application it's for, and on which device it's used, in case you later need to revoke it).
- Click Generate.
You'll see the app password and how to use it.
- Enter the password, then click Done.
2-Step Verification in a browser vs. a desktop or mobile app
|Web Browser application||Desktop application or mobile application|
|What||Enter a 2-Step Verification code||Enter an app password
Android 6.0 or later does not accept an app password. Users must enter their user-account password and then enter a 2-Step Verification code, which successfully adds the account.
When your account is accessed via IMAP, POP, SMTP, CalDAV, or CardDAV, you must follow the instructions at
https://support.google.com/accounts/answer/6010255 to enable Less Secure Apps prior to configuring app passwords.
|How||Get a verification code each time you need one, from your phone||Get an app password once from your Authorized Access to your Google Account page on the web|
|When||Once a month or when otherwise prompted||Only once when you set up a new application/device after you've enrolled in 2-Step Verification|
|Where||On a second page that appears after entering a username and password||In your G Suite Password field
Deployment tips for G Suite administrators
- Set up a deployment day where your users take their phones and laptops to your Help Desk.
Tip: If you have a large number of users, consider enabling 2-Step Verification by organizational unit in the Admin console. You can then send your users to the Help Desk in smaller, more manageable groups, by OU.
- Have your IT staff set up 2-Step Verification for your users and enter the app passwords where needed in their mobile devices and desktop applications.
- Train your users when to use 2-Step Verification codes and how to get their codes.
- Send your users the 2-Step Verification email template.
- Point your Help Desk or Support staff to the 2-Step Verification email template and the Troubleshoot 2-Step Verification articles to help them get up to speed.