App-specific passwords are separate from two-factor authentication (2FA) but an equally important and useful security measure. With app-specific passwords, you set up a unique randomly generated password for an individual app. This password can only be used in that app and can be revoked at any time by logging into your account with the master password. This way, if you set up an app-specific password for your mail app on your phone and then lose your phone, you can revoke the password and limit the access to your mailbox. As well, if an app has a security vulnerability, only your app-specific password would be exposed—keeping your master password secure.
You can enable up to four app-specific passwords on your email account.
How to enable app-specific passwords
- Log in to your webmail.
- Select Settings from the sidebar.
- From the left-hand menu, select Password.
- Click on the plus (+) sign under App password to get started.
- Select a name for this specific password.
- Record the app-specific password in the app that you would like to use it with, or copy it down somewhere safe.
Note: Once generated, the password will not show again after this screen and would need to be set up again if it was lost.
Removing an app-specific password
- Log in to your webmail.
- Select Settings from the sidebar.
- From the left-hand menu, select Password then App Passwords.
- Under App password, click the minus (-) sign beside the app-specific password that you want to remove.
- You can now set up a new app-specific password.