I was shocked and disappointed when I tested and found that you're right when you say,
That's not quite accurate. GMail doesn't know *what* app is logging in with the app-specific password that you've assigned for POP Peeper. That is, you could use the same password for POP Peeper AND Thunderbird AND Outlook AND etc.
The same App-Specific Password (hereinafter, ASP) that I assigned to POP Peeper was able to give Outlook access to a "secured" Gmail account. I incorrectly had assumed that Gmail required use of something akin to a User-Agent-String to identify each unique application. The fact that they don't, actually makes the whole ASP mechanism less than worthless; in fact, it use makes my Gmail account much, much less secure: Google assigns a rather short, purely alphabetical, 16-character ASP, whereas, my other passwords are between 48 - 64 alphanumeric/special characters.
I had concerns using such a diluted password but, since it could be used by only one, "
specific" ,trusted application and the Less-Secure-Apps alternative was/is unacceptable to me, I went ahead. Now, after finding out that that password is not "specific" at all, I'm angry!
I agree that Google's is confusing in addressing this matter. For example, the ASP
does give full access to the
whole Google Account, not just to the associated GMail.
Go to the settings for your Google Account in the application or device you are trying to set up. Replace your password with the 16-character password shown above.
Just like your normal password, this app password grants complete access to your Google Account. You won't need to remember it, so don't write it down or share it with anyone.
This patently false statement is why I thought that one App-Specific Password could be used with only one specific application.
Anyway, thanks for better educating me.
Speaking of education, a couple questions, Jeff:
1. Why, do you think, are applications acting on my behalf
not required to uniquely identify themselves to services like Gmail?
2. Is POP Peeper considered a "less-secure-app" by Google, which also says that Outlook may fall into that category?
3. POP Peeper doesn't store the passwords it uses to access my email accounts anywhere but on my compouter, right? Assuming they are stored only on my computer/device, are they encrypted or is that mish-mash in the App Data Folder plain-text?