FAQ

As of April 23, 2025, Gmail accounts must use an app password.
Alternatively, you may continue using Oauth2 by creating personal Oauth2 credentials.

This method requires POP Peeper v5.6.2+

This one-time procedure (expected to take 5-10 minutes) allows you to access all your Gmail accounts using Oauth2 with your own Oauth2 dev credentials.
Update: It's possible that accounts accessing Oauth2 via an unverified dev account will need to re-validate Oauth2 every 7 days. This is being monitored.

Use case: This method may be preferred over using app-passwords if (a) You do not want to enable 2FA on your accounts OR (b) If you have multiple Gmail accounts that don't already have 2FA, this method may be easier.

1. Open the link: https://console.developers.google.com
   Make sure you are logged in with the Gmail account that you want to use for this purpose. Also, this account will need to have 2-step verification enabled (per this Google article); so keep this in mind. If you don't already have at least one account with 2FA enabled, consider creating a new Gmail account for the purpose of this method or only enable 2FA when you need to access the console and disable 2FA when you're done.
2. Read and agree to the TOS


3. On the page "Enabled APIs & Services", Click "Create Project"
4. Enter a Project Name (e.g. Private Oauth2)
5. Leave Location = "No organization"
6. Press the "Create" button


7. Select "Oauth consent screen" on the left
8. Click "Get started" on the right
9. Specify App Name (e.g. POP Peeper)
10. Select your email address for the "user support email"
11. Set Audience = "external"
12. Specify your contact email address (you can use the same email address as the account)
13. Select "Agree"
14. Press "Create" button


15. Select "Clients" on the left
16. Select "Create Client" on the right (top)
17. Set Application type = "Desktop App"
18. Specify a Name (e.g. "POP Peeper")
19. Press the "Create" button
20. Copy the "Client ID" and "Client secret" values and enter them into the corresponding fields in POP Peeper:
    Main menu: Tools / Options / Oauth2


21. Select "Audience" on the left
22. Under "Test users", click "Add Users"
23. Add every Gmail email address that you want to access using POP Peeper with Oauth2
    When you press "save", the 'add users' window should slide out; if not, press "save" again; if the email address appears with a red border, it may not be a valid email address

Oauth2 will now be available to use for Gmail accounts within POP Peeper.
When you access the consent pages during the initial Oauth2 process, you will see the following:
"Google hasn't verified this app"
-> just press "Continue"

Quick reference

To access your Client ID and Client Secret values:
- Open your Google Dev console (or directly to the Credentials page)
- Click "Credentials" on the left
- In the "OAuth 2.0 Client IDs" section, edit the client

To add additional Gmail accounts to access Oauth2:
- Open your Google Dev console (or directly to the Audience page)
- Click "Oauth consent screen" on the left
- Click "audience" on the left
- Press "Add users" in the "Test users" section

Note: if you do not add your account to the "Test users" list and try to access Oauth2 with that account, you will get the following error:
"Access blocked: POP Peeper has not completed the Google verification process"
To fix this, you must add your email account to the "Add users" list as instructed above.

Yahoo has started blocking normal login methods for IMAP/SMTP -- first reported around June 2016 -- in favor of using the OAuth2 login method. Yahoo will report an error of:
([AUTHENTICATIONFAILED] #MBR1212 Incorrect username or password.)

In this case, you have 2 options:

• Use the OAuth2 login method (recommended for improved security): Edit your account in POP Peeper; press the 'OAuth2' button and follow the instructions
• Disable OAuth2: Use the following URL to disable OAuth2 in your Yahoo account:
  https://login.yahoo.com/account/security
  Enable: "Allow apps that use less secure sign in"
  Alternatively:
  1) Press the "Generate app password" link
  2) Select "Other app" and name it "POP Peeper"
  3) Press the "Generate" button
  4) Copy the password Yahoo provides you and paste it into the password field of your POP Peeper account

OAuth2 is a secure method for logging into IMAP and SMTP accounts. Instead of POP Peeper sending your password to login, POP Peeper sends a unique key which changes frequently. This method is more secure than the traditional login method, and is recommended when available.

POP Peeper supports OAuth2 login for Yahoo/AOL and Outlook/Hotmail.

In order to enable and use OAuth2 for each account, you will need to edit your account in POP Peeper, press the 'OAuth2' button and then follow the instructions to allow POP Peeper to access email in your account. When using OAuth2, it is recommended that you delete the login password, as POP Peeper will not need it to login.

To disable OAuth2 support in POP Peeper, edit the account and change the "Oauth2" selection to "password" (next to your login name on the 'General' page). To delete the existing Oauth2 credentials, you can select Oauth2, confirm the prompt to delete the credentials, and then cancel the subsequent request for Oauth2 (it is not necessary to select "password" first).

The following links can be used to see and change permissions for apps that you've granted permission to access your accounts:
Yahoo: https://login.yahoo.com/account/security
Outlook: https://account.live.com/consent/Manage

These errors can have a similar reason, usually because the system's SSL libraries are not enabled correctly. Here's how to fix this:

1. In the Windows start menu, type and open Internet Options
2. Select the Advanced tab
3. Scroll the list to the bottom and make sure the following is enabled:
   • TLS 1.2
4. Press OK

If this doesn't resolve the issue, check that any security related software (e.g. 3rd party firewall) is not blocking POP Peeper's internet access.

Hotmail can be accessed using IMAP/SMTP. SSL is required to access Hotmail using this method. If you do not already have the SSL Plugin installed, download the SSL Plugin.

Note that SSL is required for IMAP and TLS is required for SMTP.

Incoming Mail Settings:
Login Name: Full email address
Password: It is recommended that you use OAuth2 (password is not required in this case)
Server Type: IMAP
Server: imap.outlook.com (or imap-mail.outlook.com)
SSL
Port: 993
IDLE: Recommended

Send Mail Settings:
Reply Option: SMTP
Server: smtp-mail.outlook.com
TLS
Port: 25 or 587
Server Requires Authentication: Enabled

For Gmail accounts, POP Peeper must use an app-password. If POP Peeper is already set to use a password and Gmail doesn't accept it when POP Peeper tries to login, the existing password used by POP Peeper may be your main password which Gmail will reject as invalid credentials.
An alternative method to continue using Oauth2 instead of app-passwords is available: Personal Oauth2 credentials

1. 2-Step verification (aka two-factor authentication, aka 2FA) is necessary to create an app password. If your Google account already has '2-step verification' enabled (or you're not sure), open the following URL:
   https://myaccount.google.com/apppasswords
2. You may be asked for the account -- make sure you select the correct Gmail account you want to create an app password for and sign in
3. If you get an error that says "The setting you are looking for is not available for your account" it means that 2-step verification is not enabled and you will need to follow the instructions in the section "setup 2-step verification" below; otherwise, you can skip that section and go to the "Create the app-password" section.

Setup 2-step verification

If 2-step verification is already enabled, you may skip this section.

1. Open the following link and then make sure you're signed into the correct account (on the top-right):
   https://myaccount.google.com/security
2. Find "2-Step verification" (in the "How you sign in to Google" section) and it should say "2-step Verification is off" (otherwise, you can skip this section)
3. Click on "2-Step verification"
4. It's possible that you've already added a 2nd step (e.g. if you previously added your phone number); in which case, you may just be able to enable 2-step by going to the next step. Otherwise, scroll to the bottom of the webpage to find multiple ways of enabling 2-step verification (you do not need to give your phone number). If you're familiar with these options, choose the option that works best for you. If you don't know where to start, here is some unofficial information collected by myself and other users:
   • Authenticator: This may be the best choice for most users; you'll need an authenticator app installed on your phone or PC. Google will recommend their Google Authenticator app, but most any generic authenticator app should work; there are authenticator apps available through the Microsoft Store if you prefer a Windows-based authenticator. Additionally, you can install authenticator add-ons for your webbrowser. When 2FA is necessary, you access the authenticator app on your phone/PC and enter the provided 6 digit number into the web form.
   • Google Prompt: To use this method, you need to add the account to your Android phone; you'll get a popup on that device when 2FA is required
   • Phone number: This method is probably the most straight-forward method if you don't want to deal with the previous choices. It should be noted that this is probably the least secure of these methods, but still much more secure than not having 2-step enabled.
   • Passkey: In my test, enabling a passkey was not sufficient to enable 2-step verification. As such, this method is not recommended solely for the purpose of creating an app password. However, refer to the 'More information' section below to see how using a PassKey can be a good solution for quality of life.
5. Once you have added a second step, click the "Turn on 2-step verification" link
6. It may still ask you to add a phone number, but if you have added a valid 2nd step, you can press the "Skip" button (otherwise, "skip" won't be visible)
7. Now that 2-step verification is enabled, you can proceed to the next section to "create the app-password"

Create the app-password

1. Open the link:
   https://myaccount.google.com/apppasswords
2. You may be asked for the account -- make sure you select the correct Gmail account and sign in
3. Provide an app name (e.g. POP Peeper) and press the "Create" button
4. Follow the instructions Google provides -- copy the app password; edit the account in POP Peeper and paste it into the "Password" field (if using v5.5 or older, you may need to change the dropdown that's on the right of your "Login name" from 'Oauth2' to 'Password'); press "Update". If you have other accounts using the same login (ie. folders), then you should edit those accounts in POP Peeper and paste the same app password.
   It is not necessary to record the app password; if you have multiple installations of POP Peeper, you can create a different app password for each install. You can delete old app passwords that are no longer in use (or that may be compromised) from the same link above.

More information

Google help for "Sign in with app passwords" -- https://support.google.com/accounts/answer/185833

Information about using a PassKey -- While a PassKey cannot be enabled on its own to enable 2FA, it can be used to provide 2FA credentials, and may be the easiest method to 2FA your account. On Windows computers, the PassKey will use Windows Hello to authenticate your account. Windows Hello can use a PIN, fingerprint or face to verify that it's you. The advantage of using a PassKey is that you don't need to remember your password when signing in; you just select your email account, Google will ask if you want to use your Pass Key, you provide your PIN (or other method as used by Windows Hello) and you're in; no need to get a code via email/sms/voice/authenticator/etc. If you're concerned about the burden that enabling 2FA may impose, this is a good solution.

Note 1: Yahoo requires an SSL connection, and you must install the SSL plugin if it's not already installed.
Note 2: Yahoo may require OAuth2 login method or you may get an "incorrect username or password" error. See the Yahoo OAuth2 FAQ for more information.

Incoming Mail Settings:
Login Name: Full email address
Password: It is recommended that you use OAuth2 (password is not required in this case)
Server Type: IMAP
Server: imap.mail.yahoo.com
SSL (TLS/SSL is required)
Port: 993 (if using TLS: 143)
Idle: optional

Send Mail Settings:
Reply Option: SMTP
Server: smtp.mail.yahoo.com
SSL required
Port: 465
Server Requires Authentication: Enabled

If you enable two-step verification process on your account, POP Peeper will only be able to access your account if you use IMAP or POP3. When using IMAP or POP3 with two-step verification, you will need to use Oauth2 or create a unique app password (see links below for more information).

For more information about setting up a unique app password:
Hotmail: http://windows.microsoft.com/en-us/windows/app-passwords-two-step-verification
GMail: https://support.google.com/mail/answer/1173270?hl=en
Yahoo: https://help.yahoo.com/kb/yahoo-account/quotapp-passwordquot-sln15241.html