⭐ Google is turning on Two-Step Verification for ALL

Post by **jsmorley** » November 19th, 2021, 12:48 pm

As of November 25, 2021, Google is going to be forcing all users to set up and use Two-Step Verification. (2FA or Multi-Factor Authentication)

This will impact any GMail skins in Rainmeter you might be using.

What you need to do:

1) In your browser, go to your Google Account Settings and select Security from the navigation bar on the left.

2) Under Signing into Google, select App Passwords.

3) Under Select the app and device you want to generate the app password for, choose Select App.

4) Enter some custom name, likely just Rainmeter, and click on Generate.

5) Copy the new password that is generated.

6) Use this new password in the WebParser URL for your skin.

URL=https://#GMailID#:#GMailPassword#@mail.google.com/gmail/feed/atom/

This has no impact on the password you use to sign into Google in your browser or on any of your devices, just Rainmeter, where it can't react to or provide any Two-Step Verification code that is sent to your phone.

While this will not be "forced" until November 25, I recommend just turning on Two-Step Verification now, and get this app password set up for Rainmeter, so you have time to deal with it before it jumps on you.

If you are distributing skins that access GMail, I strongly recommend that you include some form of these instructions for your end-users.

Jeff · Post by **Jeff** » November 19th, 2021, 5:45 pm

Mind if I share another still-not-secured-because-important-data-is-in-plaintext method of doing this?
I tried to help someone with 2FA to connect to their Gmail using browser cookies because #GMailID#:#GMailPassword# HTTP authentication just straight up didn't work, we eventually discovered that

Code: Select all

[MeasureWeb]
Measure=WebParser
URL=https://mail.google.com/mail/u/0/feed/atom
Flags=Resync | NoCookies
Header="cookie: #GMailCookie#"
; GMailCookie variable is the "cookie" header from the very first request headers, the request named "atom"
; found by accessing the Dev Console > going to Network Tab > Refreshing the Page

works and also funny enough, the only reason the cookie header works is because of the previous NoCookie flag.
Only downside to this is that the cookie header is connected to session, so if you log out of your Google account by accident, you'll need to grab the new cookie again (well, for some crazy privacy people this may be an upside). Hope this Application password thing is permanent.

Post by **jsmorley** » November 20th, 2021, 12:30 pm

Jeff wrote: ↑November 19th, 2021, 5:45 pm Mind if I share another still-not-secured-because-important-data-is-in-plaintext method of doing this?
I tried to help someone with 2FA to connect to their Gmail using browser cookies because #GMailID#:#GMailPassword# HTTP authentication just straight up didn't work, we eventually discovered that
Code: Select all
[MeasureWeb]
Measure=WebParser
URL=https://mail.google.com/mail/u/0/feed/atom
Flags=Resync | NoCookies
Header="cookie: #GMailCookie#"
; GMailCookie variable is the "cookie" header from the very first request headers, the request named "atom"
; found by accessing the Dev Console > going to Network Tab > Refreshing the Page
works and also funny enough, the only reason the cookie header works is because of the previous NoCookie flag.
Only downside to this is that the cookie header is connected to session, so if you log out of your Google account by accident, you'll need to grab the new cookie again (well, for some crazy privacy people this may be an upside). Hope this Application password thing is permanent.

Do we know what causes the failure of the https:// authentication to fail for that user? Is there some additional security setting in Google that disables HTTP authentication from the URL? It certainly works for me. I just replaced my regular password with that generated app password in my URL option in WebParser, and Bob's Your Uncle...

I use a measure like this to read the inbox:

Code: Select all

[MeasureMail]
Measure=WebParser
Flags=Resync | NoCookies
URL=https://#GMailID#:#GMailPassword#@mail.google.com/gmail/feed/atom/
RegExp="(?siU)(.*)$"
UpdateRate=120
DecodeCharacterReference=1

I think the form of the URL is important. You don't want to use the /u/o form of the call for this. That will depend on cookies.

And I use this to go to the inbox in my browser when I click on the skin:

LeftMouseUpAction=["https://mail.google.com/mail/u/0/?tab=cm#inbox"]

In that case, you do want cookies involved.

Post by **balala** » September 24th, 2023, 5:30 pm

jsmorley wrote: ↑November 19th, 2021, 12:48 pm As of November 25, 2021, Google is going to be forcing all users to set up and use Two-Step Verification. (2FA or Multi-Factor Authentication)

This will impact any GMail skins in Rainmeter you might be using.

What you need to do:

1) In your browser, go to your Google Account Settings and select Security from the navigation bar on the left.

2) Under Signing into Google, select App Passwords.

3) Under Select the app and device you want to generate the app password for, choose Select App.

4) Enter some custom name, likely just Rainmeter, and click on Generate.

5) Copy the new password that is generated.

6) Use this new password in the WebParser URL for your skin.

URL=https://#GMailID#:#GMailPassword#@mail.google.com/gmail/feed/atom/

This has no impact on the password you use to sign into Google in your browser or on any of your devices, just Rainmeter, where it can't react to or provide any Two-Step Verification code that is sent to your phone.

While this will not be "forced" until November 25, I recommend just turning on Two-Step Verification now, and get this app password set up for Rainmeter, so you have time to deal with it before it jumps on you.

If you are distributing skins that access GMail, I strongly recommend that you include some form of these instructions for your end-users.

The above description isn't working anymore as has been described, I think. It seems Google has changed something on how the accounts are treated and how can we grant access Rainmeter to check the emails. Is there any way now how I can add a new Gmail account to a skin, to do the email check?
Thanks for any hint.

MikeG621 · Post by **MikeG621** » September 25th, 2023, 1:09 pm

Mine's still working just fine, are you sure something wasn't reset at the account level? Should be able to see it listed app list.

Post by **balala** » September 25th, 2023, 6:28 pm

MikeG621 wrote: ↑September 25th, 2023, 1:09 pm Mine's still working just fine, are you sure something wasn't reset at the account level? Should be able to see it listed app list.

Thank you for checking.
In meantime I found how to do it, even if this is not corresponding entirely to jsmorley's description. I assume either in meantime something has been updated by Google, or I have some additional settings (I have a Passkeys element which seems annoying to me right now, but I assume I might be little bit suspicious about this, most probably important, setting).

So, here is what I did to create the password, if anyone is interested:

In my browser, went to my Google Account Settings and selected Security from the navigation bar on the left.
Under How to sign in to Google, clicked to the first box: 2-Step Verification.
Signed in to the account, using either the password, or any other signing in method (there are many, I think doesn't matter which one do I use - however I'm not entirely sure this is so).
On the opening panel clicked to the arrow on the right side of the App passwords element, which is placed on the lower part of the site.
Entered a custom name (obviously Rainmeter in my case), and clicked on the Create button.
Finally I used the generated password, as described above by jsmorley.

I'd like to know if anyone has encountered this problem and if did, if could use the above method to generate the password. Thank you to anyone willing to check.

Post by **Yincognito** » September 27th, 2023, 11:01 am

balala wrote: ↑September 25th, 2023, 6:28 pm I'd like to know if anyone has encountered this problem and if did, if could use the above method to generate the password. Thank you to anyone willing to check.

There you go (I don't use such techniques yet in my skins, so I wouldn't know):
https://forum.rainmeter.net/viewtopic.php?p=218369#p218367

Apparently, it does happen to others, so you might be on to something here...

Post by **balala** » September 27th, 2023, 1:45 pm

Yincognito wrote: ↑September 27th, 2023, 11:01 am Apparently, it does happen to others, so you might be on to something here...

To be honest, even if almost no one reported this lately, excepting the user you linked, I'd be extremely surprised if only me would have this problem.
But who knows...

George Mi · Post by **George Mi** » October 3rd, 2023, 8:01 pm

Yincognito wrote: ↑September 27th, 2023, 11:01 am There you go (I don't use such techniques yet in my skins, so I wouldn't know):
https://forum.rainmeter.net/viewtopic.php?p=218369#p218367

Apparently, it does happen to others, so you might be on to something here...

Thank you very much!

George Mi · Post by **George Mi** » October 3rd, 2023, 8:07 pm

balala wrote: ↑September 27th, 2023, 1:45 pm To be honest, even if almost no one reported this lately, excepting the user you linked, I'd be extremely surprised if only me would have this problem.
But who knows...

Thank you very much!

Your solution made it! But only the one I circled in the picture works. The other two are email request icons, you don't get information about gmail...