Google is nuking simple username/password sign ins?

Linux for blind general discussion blinux-list at redhat.com
Fri Mar 4 13:33:44 UTC 2022


> I haven't gotten such an e-mail, but any idea what this means for
> people using the Gmail web interface?


Most if not all Google services will now require that you confirm that 
it is you signing into your account. They are making two-factor 
authentication mandatory, and requiring app passwords for things like 
IMAP. This means that you will likely need a phone or tablet the first 
time you sign in on a new device, something that will get a notification 
from Google that you can tap to confirm it's you. They can also send you 
a text message with a code, which you could verify on the web if you 
have a phone service that works that way. I find that Google Voice 
itself will actually work for this, but it only allows registration in 
the States. But you can get the code on a regular mobile and type it 
into the website if you don't have any way to get the notification. I 
find the app password idea to be highly insecure, and I refuse to use 
it. Essentially they want to generate a password for every app you use 
and store it for you. If you lose access to the app at any time, you 
have to get that password back, or possibly have Google generate a new 
one for you. But worse than that, if someone gains access to your Google 
account or hacks their servers, they get your app passwords as well, or 
can trick Google into generating new passwords for your apps. This 
doesn't have any impact on the Gmail web interface, but would certainly 
cause you to lose access to your IMAP email if you don't trust Google to 
keep the passwords they generate for you safe.

~Kyle



