Generate Application Password Password

An app-specific password is a unique credential generated for a single third-party application that does not support modern OAuth login. Google, Apple, and Microsoft issue these for older mail clients, calendar apps, and other integrations that cannot handle 2FA prompts. Each app gets its own password, so revoking one does not affect others.

For Google, go to your Google Account security settings and select 'App passwords' under the 2-Step Verification section. For Apple, sign in to appleid.apple.com and generate one under Security. Both services create 16-character alphanumeric passwords automatically. You can also use our generator for services that do not have built-in app password features.

You should not. The entire purpose of app-specific passwords is to isolate access so that revoking one does not affect others. If a third-party app is compromised, only its unique credential is exposed. Generate a separate password for each application and label them clearly so you can identify and revoke specific ones later.

Review your app password list in your account security settings quarterly. Revoke passwords for apps you no longer use — old mail clients, deprecated integrations, and test applications. Most services show when each app password was last used, making it easy to identify stale credentials. Treat this like any other access review in your security routine.