How to Set Up Gmail SMTP Using Google App Passwords

Set Up SMTP
Published on November, 29, 2025

Setting up SMTP for sending emails through your application? If you’re using Gmail, you’ll need to enable App Passwords (especially if you have 2-Step Verification enabled). Follow these simple steps:

 Step 1: Enable 2-Step Verification

  1. Go to your Google Account Security settings.
  2. Scroll down to “How you sign in to Google.”
  3. Click 2-Step Verification and follow the prompts to activate it.

Note: You must have 2-Step Verification enabled to access App Passwords.

How to Set Up SMTP

 Step 2: Generate a Google App Password

  1. After 2-Step Verification is enable, go back to the Security settings.
  2. Under “Signing in to Google”, select App Passwords.

How to Set Up SMTP

 

  1. In the Select App dropdown, choose Other (Custom name).
  2. Enter a name like SMTP Setup and click Generate.
  3. Copy the 16-character App Password that appears. (No spaces—just the full string.)

This is your new SMTP password. Use it with your full Gmail address when configuring email in your app.

How to Set Up SMTP

 Step 3: Use App Password in SMTP Settings

  • SMTP Server: smtp.gmail.com
  • Port: 587 (TLS) or 465 (SSL)
  • Username: Your full Gmail address (e.g., yourname@gmail.com)
  • Password: Your generated App Password
  • Authentication Method: Normal Password
  • TLS/SSL: Enabled

Own The Answers. Not Just The Clicks.

Claim Your Custom AI Visibility & Growth Blueprint

Make your site the obvious answer in Google and AI tools like Perplexity and ChatGPT. Proximate Solutions will audit your site and deliver a simple plan you can act on immediately.

What you get (no cost, no commitment):

  • Traffic & rankings snapshot: Where you stand today and which keywords are your fastest path to revenue.
  • AI search readiness check: What's blocking you from showing up in Perplexity and other AI assistants, plus fixes.
  • 90-day action plan: 5–7 specific changes to content, technical SEO, and internal links to drive more qualified leads.
  • Competitor gap analysis: The easy wins they're missing that you can own.
Yes, I Want My Free Blueprint →
Team working on AI strategy

 Need to Manage or Revoke Access?

You can always revisit the App Passwords page to:

  • Revoke an old App Password
  • Generate a new one
  • Track what apps you’ve given access to

 You’re Done!
Your SMTP is now securely set up using Google’s recommended method. This helps keep your email communication reliable and protected.

Does Google Still Allow App Passwords?

While Google still supports app passwords for legacy or “less secure apps,” they are highly discouraged and should only be used as a last resort. These 16-digit passcodes grant a specific app or device direct permission to access your Google Account, and they can only be generated if you have 2-Step Verification (2FA) enabled. Because they do not protect against all modern security risks, app passwords are entirely unnecessary for most up-to-date applications and should only be created when absolutely required for an isolated device or program.

FAQs

1- Does Google still allow app passwords for SMTP?
Yes, Google still supports 16-digit app passwords, but they are treated as a last resort for legacy or “less secure apps” that do not support modern login standards.

2- What is the main requirement to generate a Google app password?
You must have 2-Step Verification (2FA) actively enabled on your Google Account. Without 2FA turned on, the option to generate app passwords will not appear.

3- Are Google app passwords safe to use for SMTP?
They are generally discouraged because they don’t protect against all modern security risks. They bypass 2FA for that specific connection, so they should only be used when absolutely necessary.

4- Can I use my regular Gmail password for SMTP setup?
No. Google blocks standard account passwords on external apps or legacy printers to protect your account. You must use an app password or modern OAuth authentication.

5- How many digits is a Google app password?
It is a unique, randomly generated 16-digit passcode. You only need to enter it once when configuring your SMTP client or plugin, and you do not need to memorize it.

6- Should I generate one app password for multiple devices?
No. For security tracking, you should generate a unique, dedicated app password for each specific app, plugin, or device that requires SMTP access.

7- What is the modern alternative to Google app passwords?
The recommended approach is using OAuth 2.0 authentication. Most modern applications and WordPress SMTP plugins now support OAuth, which is significantly more secure than app passwords.

Setting up SMTP for sending emails through your application? If you’re using Gmail, you’ll need to enable App Passwords (especially if you have 2-Step Verification enabled). Follow these simple steps:

 Step 1: Enable 2-Step Verification

  1. Go to your Google Account Security settings.
  2. Scroll down to “How you sign in to Google.”
  3. Click 2-Step Verification and follow the prompts to activate it.

Note: You must have 2-Step Verification enabled to access App Passwords.

How to Set Up SMTP

 Step 2: Generate a Google App Password

  1. After 2-Step Verification is enable, go back to the Security settings.
  2. Under “Signing in to Google”, select App Passwords.

How to Set Up SMTP

 

  1. In the Select App dropdown, choose Other (Custom name).
  2. Enter a name like SMTP Setup and click Generate.
  3. Copy the 16-character App Password that appears. (No spaces—just the full string.)

This is your new SMTP password. Use it with your full Gmail address when configuring email in your app.

How to Set Up SMTP

 Step 3: Use App Password in SMTP Settings

  • SMTP Server: smtp.gmail.com
  • Port: 587 (TLS) or 465 (SSL)
  • Username: Your full Gmail address (e.g., yourname@gmail.com)
  • Password: Your generated App Password
  • Authentication Method: Normal Password
  • TLS/SSL: Enabled

Own The Answers. Not Just The Clicks.

Claim Your Custom AI Visibility & Growth Blueprint

Make your site the obvious answer in Google and AI tools like Perplexity and ChatGPT. Proximate Solutions will audit your site and deliver a simple plan you can act on immediately.

What you get (no cost, no commitment):

  • Traffic & rankings snapshot: Where you stand today and which keywords are your fastest path to revenue.
  • AI search readiness check: What's blocking you from showing up in Perplexity and other AI assistants, plus fixes.
  • 90-day action plan: 5–7 specific changes to content, technical SEO, and internal links to drive more qualified leads.
  • Competitor gap analysis: The easy wins they're missing that you can own.
Yes, I Want My Free Blueprint →
Team working on AI strategy

 Need to Manage or Revoke Access?

You can always revisit the App Passwords page to:

  • Revoke an old App Password
  • Generate a new one
  • Track what apps you’ve given access to

 You’re Done!
Your SMTP is now securely set up using Google’s recommended method. This helps keep your email communication reliable and protected.

Does Google Still Allow App Passwords?

While Google still supports app passwords for legacy or “less secure apps,” they are highly discouraged and should only be used as a last resort. These 16-digit passcodes grant a specific app or device direct permission to access your Google Account, and they can only be generated if you have 2-Step Verification (2FA) enabled. Because they do not protect against all modern security risks, app passwords are entirely unnecessary for most up-to-date applications and should only be created when absolutely required for an isolated device or program.

FAQs

1- Does Google still allow app passwords for SMTP?
Yes, Google still supports 16-digit app passwords, but they are treated as a last resort for legacy or “less secure apps” that do not support modern login standards.

2- What is the main requirement to generate a Google app password?
You must have 2-Step Verification (2FA) actively enabled on your Google Account. Without 2FA turned on, the option to generate app passwords will not appear.

3- Are Google app passwords safe to use for SMTP?
They are generally discouraged because they don’t protect against all modern security risks. They bypass 2FA for that specific connection, so they should only be used when absolutely necessary.

4- Can I use my regular Gmail password for SMTP setup?
No. Google blocks standard account passwords on external apps or legacy printers to protect your account. You must use an app password or modern OAuth authentication.

5- How many digits is a Google app password?
It is a unique, randomly generated 16-digit passcode. You only need to enter it once when configuring your SMTP client or plugin, and you do not need to memorize it.

6- Should I generate one app password for multiple devices?
No. For security tracking, you should generate a unique, dedicated app password for each specific app, plugin, or device that requires SMTP access.

7- What is the modern alternative to Google app passwords?
The recommended approach is using OAuth 2.0 authentication. Most modern applications and WordPress SMTP plugins now support OAuth, which is significantly more secure than app passwords.

Read Our Recent Articles