Passwords and codes used with 2-Step Verification

There are several fundamental differences between traditional passwords -- such as those you use to sign in to your Google Account -- and the verification codes and application-specific passwords that you use as part of 2-Step Verification.

Traditional password
  • Created when you first sign up for a Google Account or change your password
  • Generally a combination of letters, digits and characters that you choose
  • You need to remember it
  • If you forget your traditional password, you can always reset it using your recovery options, such as your backup email address or phone number
Verification codes
  • Delivered to your phone or generated by the Google Authenticator App.
  • Six to eight digits (Example: 012345)
  • You don't have to remember it, because you can get a new verification code each time you need one.
  • You’ll need it every time you sign in unless you've marked a computer as "trusted"
  • Generate backup codes ahead of time and print them out, so you can use them as a backup if you don't have access to your phone
  • If you own an Android device, you can also generate codes through Google Settings, even if your device is offline.
Application-specific passwords
  • You generate it on the Authorizing applications & sites page
  • Sixteen letters (Example: ohgh uylv xkwd zgbz)
  • You don’t have to remember it, because you can generate a new one anytime
  • You’ll need it when you want to authorize a device, a mobile application (such as a Gmail app on your mobile phone), or a desktop application (such as AdWords Editor) to connect to your Google Account
  • If you lose a phone or stop using an application that was authorized with an application-specific password, revoke the application-specific password for that application.

Related articles