The worst part about this 2FA story is that if you don't have any 2FA methods, Google will effectively lock you out of your account if you're trying to log in from an "unusual" device, i.e. any public (school, library) computer or wireless access point. If you don't have a phone with the proprietary google apps installed and logged into your account, you literally can't login in such situations. Make sure you always have a computer/OS combination that's recognized by google when you travel.
I used to constantly get emails about suspicious logins detected simply from moving around hotspots with my phone trying to log into IMAP. This was until I enabled the app password thing, which generated a password that's both shorter and uses less different characters than my old IMAP password.
I used to constantly get emails about suspicious logins detected simply from moving around hotspots with my phone trying to log into IMAP. This was until I enabled the app password thing, which generated a password that's both shorter and uses less different characters than my old IMAP password.