New Google Security Requirements for smtp access

[OldBob1938]

I don't know if this is the correct place to ask this question.  Have tried google but only get answers that don't answer my question.

I am using TidSMTP version 10.6.2.  I have 3 apps that run daily by themselves to perform specific tasks and to report the results of the tasks.  I don't understand google's requirement that accounts with app passwords must have 2 step verification.  How can this work for automatic tasks?  Also, don't understand the requirements for OAuth 2 starting next month.  

Am out of my depth here and any pointers will be appreciated

[rlebeau]

I don't know if this is the correct place to ask this question.

Yes, this is fine.

I am using TidSMTP version 10.6.2.

That is the old version. The current version is 10.6.3.9.

I don't understand google's requirement that accounts with app passwords must have 2 step verification.  How can this work for automatic tasks?

App passwords do not themselves prompt the user with MFA queries. Google simply requires MFA to be enabled on the account in order to create app passwords. App passwords are meant to be used with non-MFA-capable software when MFA is enabled.

Also, don't understand the requirements for OAuth 2 starting next month.  

What don't you understand, exactly? OAuth2 is nothing new to Google, it's been around for awhile.

The latest Indy version has a TIdSASLXOAuth2 component which you can include in TIdSMTP.SASLMechanisms to handle Google's XOAUTH2 command. You can use TIdHTTP or any other REST component to get an OAuth access token from Google per its OAuth 2.0 documentation, and then assign that token to TIdSASLXOAuth2 for authenticating your SMTP sessions, instead of using an app password.