Passwords and codes used with 2-Step Verification

There are several fundamental differences between traditional passwords -- such as those you use to sign in to your Google Account -- and the verification codes and App Passwords that you use as part of 2-Step Verification.

Traditional password
  • Created when you first sign up for a Google Account or change your password
  • Generally a combination of letters, digits and characters that you choose
  • You need to remember it
  • If you forget your traditional password, you can always reset it using your recovery options, such as your backup email address or phone number
Verification codes
  • Delivered to your phone or generated by the Google Authenticator App.
  • Six to eight digits (Example: 012345)
  • You don't have to remember it, because you can get a new verification code each time you need one.
  • You’ll need it every time you sign in unless you've marked a computer as "trusted"
  • Generate backup codes ahead of time and print them out, so you can use them as a backup if you don't have access to your phone
  • If you own an Android device, you can also generate codes through Google Settings, even if your device is offline.
App passwords
  • You generate it on the App passwords page
  • Sixteen letters (Example: ohgh uylv xkwd zgbz)
  • You don’t have to remember it, because you can generate a new one anytime
  • You’ll need it when you want to authorize a device, a mobile app (such as a Gmail app on your iPhone), or a desktop app (such as AdWords Editor) to connect to your Google Account
  • If you lose a phone or stop using an app that was authorized with an App password, revoke the App password for that app.

Related articles


Kaley is on the Accounts support team and author of this help page. Please leave suggestions below on how to improve her article.

How helpful is this article:

Feedback recorded. Thanks!
  • Not at all helpful
  • Not very helpful
  • Somewhat helpful
  • Very helpful
  • Extremely helpful