Setting up SMTP for sending emails through your application? If you’re using Gmail, you’ll need to enable App Passwords (especially if you have 2-Step Verification enabled). Follow these simple steps:
Note: You must have 2-Step Verification enabled to access App Passwords.
This is your new SMTP password. Use it with your full Gmail address when configuring email in your app.
You can always revisit the App Passwords page to:
You’re Done!
Your SMTP is now securely set up using Google’s recommended method. This helps keep your email communication reliable and protected.
Yes, Google still allows app passwords but they are a last resort for “less secure apps” and are only available for accounts with 2-Step Verification (2FA) enabled; they are unnecessary for most modern apps and are not recommended, as they don’t protect against all security risks. App passwords are 16-digit passcodes that grant specific apps or devices permission to access your Google Account and should be generated only when necessary and for a specific device or app.
1- How do I configure Gmail SMTP for my website?
To send emails via Gmail, use the server address smtp.gmail.com. Use Port 587 for TLS or Port 465 for SSL. For the login, use your full Gmail address and a dedicated 16-digit App Password instead of your standard password.
2- What exactly is a Google App Password?
An App Password is a unique 16-character code that grants a specific app or device permission to access your Gmail account. It is designed for applications that don’t support modern “Sign in with Google” prompts and requires 2-Step Verification to be active.
3- What is the process for generating an App Password?
First, ensure 2-Step Verification is enabled in your Google Account security settings. Once active, go to the “App Passwords” section or visit https://myaccount.google.com/apppasswords to create and name a code for your specific application.
4- Why is the App Password option missing from my settings?
The option usually disappears if 2-Step Verification is turned off. However, in 2026, Google has significantly restricted this feature. If you don’t see it, your account may be required to use more secure authentication methods like OAuth 2.0.
5- Can I still use App Passwords in 2026?
While Google has transitioned most users toward OAuth 2.0, App Passwords may still be available for specific legacy systems or accounts that cannot support modern protocols. However, they are no longer the primary recommendation for new setups.
6- What is the recommended alternative to App Passwords?
Google now prioritizes OAuth 2.0. This is a more secure “token-based” system that allows apps to access your email without ever needing a password, providing much better protection for your account data.
7- How do I manage or delete my existing App Passwords?
You can view or delete your active codes by visiting the Security tab in your Google Account. If you suspect a password has been compromised, you should revoke it immediately from the App Passwords list.
8- Are App Passwords still secure to use today?
While functional, they are less secure than OAuth because they don’t support multi-factor challenges once the code is entered. For the best security and long-term compatibility with Google’s policies, it is best to upgrade your plugins or apps to those that support OAuth.
9- Will my email stop working if I keep using an App Password?
It is likely. Google is gradually phasing out “Less Secure App” access and App Passwords in favor of modern standards. To avoid service interruptions or failed email deliveries, you should transition to an OAuth-compatible connection as soon as possible.
Setting up SMTP for sending emails through your application? If you’re using Gmail, you’ll need to enable App Passwords (especially if you have 2-Step Verification enabled). Follow these simple steps:
Note: You must have 2-Step Verification enabled to access App Passwords.
This is your new SMTP password. Use it with your full Gmail address when configuring email in your app.
You can always revisit the App Passwords page to:
You’re Done!
Your SMTP is now securely set up using Google’s recommended method. This helps keep your email communication reliable and protected.
Yes, Google still allows app passwords but they are a last resort for “less secure apps” and are only available for accounts with 2-Step Verification (2FA) enabled; they are unnecessary for most modern apps and are not recommended, as they don’t protect against all security risks. App passwords are 16-digit passcodes that grant specific apps or devices permission to access your Google Account and should be generated only when necessary and for a specific device or app.
1- How do I configure Gmail SMTP for my website?
To send emails via Gmail, use the server address smtp.gmail.com. Use Port 587 for TLS or Port 465 for SSL. For the login, use your full Gmail address and a dedicated 16-digit App Password instead of your standard password.
2- What exactly is a Google App Password?
An App Password is a unique 16-character code that grants a specific app or device permission to access your Gmail account. It is designed for applications that don’t support modern “Sign in with Google” prompts and requires 2-Step Verification to be active.
3- What is the process for generating an App Password?
First, ensure 2-Step Verification is enabled in your Google Account security settings. Once active, go to the “App Passwords” section or visit https://myaccount.google.com/apppasswords to create and name a code for your specific application.
4- Why is the App Password option missing from my settings?
The option usually disappears if 2-Step Verification is turned off. However, in 2026, Google has significantly restricted this feature. If you don’t see it, your account may be required to use more secure authentication methods like OAuth 2.0.
5- Can I still use App Passwords in 2026?
While Google has transitioned most users toward OAuth 2.0, App Passwords may still be available for specific legacy systems or accounts that cannot support modern protocols. However, they are no longer the primary recommendation for new setups.
6- What is the recommended alternative to App Passwords?
Google now prioritizes OAuth 2.0. This is a more secure “token-based” system that allows apps to access your email without ever needing a password, providing much better protection for your account data.
7- How do I manage or delete my existing App Passwords?
You can view or delete your active codes by visiting the Security tab in your Google Account. If you suspect a password has been compromised, you should revoke it immediately from the App Passwords list.
8- Are App Passwords still secure to use today?
While functional, they are less secure than OAuth because they don’t support multi-factor challenges once the code is entered. For the best security and long-term compatibility with Google’s policies, it is best to upgrade your plugins or apps to those that support OAuth.
9- Will my email stop working if I keep using an App Password?
It is likely. Google is gradually phasing out “Less Secure App” access and App Passwords in favor of modern standards. To avoid service interruptions or failed email deliveries, you should transition to an OAuth-compatible connection as soon as possible.
