Generating app passwords in your Google account gives you a quick workaround for older applications that cannot make use of the new 2-step verification system during the sign-in process. For example, you can generate an app password for using Gmail in the Thunderbird email client while still protecting your Google account with the 2-step verification security. You can generate as many passwords as you want for this. But after you no longer use these app passwords, it is a good idea to revoke these app passwords in order to prevent their misuse. Google has made it very easy to revoke the app passwords.
Here is how you can revoke the app passwords for your Google account:
- On the settings page in your Google account switch to the Security section (you can open this by visiting https://www.google.com/settings/security). Click on Settings shown next to App Passwords.
- The next screen that shows up will display a list of all the app passwords that you have generated. It will display the app name, the creation date and the last usage date for each of these passwords. You can click on the Revoke button to disable and cancel that password.
- After you have revoked a password, it becomes defunct and you will have to update the password for the app that was using it.
Conclusion: When an app password in Google is no longer being used, it is a wise idea to revoke its access. Access to your Google account through any of the app passwords can easily be revoked any time you want.