Skip to main content

Google's Strange Way to Demand Strong Password

· 2 min read

A few days ago, I had to set up a mail client to retrieve mail from a hosted Google mail account. Setting the mail client should be a very simple affair that can be done in a few minutes. I never imagined it would take me more than 10 minutes to get it working.

So I had wanted to set up a mail client, in this instance Thunderbird, to retrieve mail from Google Apps mail. This is supposed to be a test account for retrieving test mail, so I didn’t even need to set it up to send mail. So all I need to do is simply set it up for IMAP with imap.gmail.com (and smtp.gmail.com for outbound mail). That’s all right? Didn’t work.

The ports are open because the error message I’m getting from Thunderbird is that of authentication – not communication error. So I double-checked the values, went through the help documentation to no avail. Except for a tiny line found in the troubleshooting page – "Try changing your password according to our tips on creating a strong password."

As innocous as it may sound, somehow, my gut feel told me this was it. Because the email account is a test account, it had the easy password “123123″. On a hunch, I changed the password (10 characters with 3 numbers) from the Gmail interface then tried to download mails onto Thunderbird. Guess what? It worked! Who knew?

What an innovative way to enforce strong password.

P.S. I did not type the wrong password – who could type “123123″ wrong? And I had a witness see me do this. So I confirm it’s Google enforcing a strong password.