I manage a shared email account (in Gmail) for a small organization. I have 2-factor authentication turned on and had generated an app password for an external app that accesses the inbox via IMAP.
In case you don’t know, app passwords are a feature of Gmail that are only available when MFA is active, and allow static credentials to access your account without the need for going through the usual two-factor process.
Recently, one of the users of this account who is, shall we say, a little less-than-tech-savvy, ended up resetting the account’s real password. She said she did this in reaction to supposed problems she was having. I’m still not sure the password was really necessary.
Now I’ve got the account password updated again and have things under control; however I noticed when I wen in to do damage control that the app password I had previously created was no more. I was under the impression that app passwords don’t just disappear; in fact you have to dive in pretty deep even to find them in the first place.
I’m wondering what may have deleted my app password? Do they expire? Does Gmail clear them all during a password reset? Any light you can shed will help me better understand this, and with my post-mortem evaluation.