After the number of hacked webmail accounts rapidly increased throughout the last months at various webmail providers, Google took the initiative and introduced an optional 2-step authentication for their services. Thus to solve the security issues a simple username and password authentication brings along. Certainly other providers will start following this example in the future.
2-step authentication aka. two-factor authentication consists of “something you know” (first factor), usually just a username and a password, and “something you have” (second factor).
For logging into Google accounts, this means that additionally to the usual login information you will be asked to enter a verification code as well. Regarding Goolge’s Blog it is possible to either receive the verification code via phone call, sms or a special mobile application that can generate the verification code on its own. In order to keep the login as comfortable as possible, you may choose to remember the verification on your computer for 30 days.
Unfortunately third party products are not unaffected:
Is 2-step authentication activated for a Google account, it required to generate application specific passwords. This password has to be used instead of original user’s password to successfully login to a particular Google service. Otherwise the following error message will be shown upon logging into a Google Mail account that is 2-step authentication enabled via IMAP:
Application-specific password required: http://www.google.com/support/accounts/bin/answer.py?answer=185833
The link points to a comprehensive documentation about using 2-step authentication and how to create application specific passwords.
For the usage of MailStore Home and MailStore Server it is required to create an application specific password for MailStore and use that one instead of the original user’s password for archiving your Google Mail account, after you enabled 2-step authentication in your Google account settings.