shotwell doesn't work with google's 2-step verification

Ah, found the solution / workaround:

http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056286

So, generate an application specific password for Shotwell's access to Picasa here:

https://www.google.com/accounts/IssuedAuthSubTokens

It will give you a 16 letter password. I used this in Shotwell, and it works. :-)

IMHO Shotwell should mention in it's error message that you need to do the above if the user enabled 2-step verification. And hopefully that info is in Picasa's error message?

We're aware of this problem. Indeed, it's part of a larger feature upgrade that we hope to implement in Shotwell within the next few releases. Specifically, we hope to switch to using OAuth / OpenID for all Google services. This change should correct your specific issue as well as correct a constellation of other, minor login issues people have been having with Google services in Shotwell. The corresponding upstream feature request is here: http://trac.yorba.org/ticket/3445

Lucas

I'm not 100% sure, but it looks like shotwell does not remember the (16-letter) password, and so I have to go to https://www.google.com/accounts/IssuedAuthSubTokens again to get a new password each time I use Shotwell to upload pictures to Picasa.

Am I right about this?

> I'm not 100% sure, but it looks like shotwell does not remember the (16-letter) password

Right now the only workaround I'd recommend is just to turn two-step verification off. At least until we rework the Google service login code in Shotwell, making Shotwell work with two-step verification will (unfortunately) remain problematic and hacky.

Lucas

Adding a save password feature for use with application passwords is not 'hacky'. compromising on the security of my Google accounts by disabling two factor authentication is not advice I'm going to take. All the big account providers are offering two factor authentication, so this suggestion borders on absurd.

It's now been nearly two years since the this was reported and the proposed solution is '50%' finished. The proposed solution will offer little additional benefit over saving the password as far as I am concerned.

Hi David,

> It's now been nearly two years since the this was reported and the
> proposed solution is '50%' finished.

By 50% finished, do you mean that the Picasa Connector uses OAuth but the YouTube Connector, as yet, does not? About this, I can only say that we're working on it. Keep in mind that we at Yorba (the upstream developers of Shotwell) have very limited resources. On the upside, the YouTube OAuth migration may be something that gets done within the next few weeks. We've prioritized the development of this feature because we're not sure how long the legacy ClientLogin API we've been using will still function.

Lucas

I mean, there's a link to a ticket above, and that ticket says it's 50% finished. Actually it now says it's 50% finished, as well as saying it's fixed. The good news is if you download the current release from Yorba, it installs easily, and two factor auth does work for Picasaweb. That is what I wanted, so thanks for the clarification.

Yes, the fix was committed today.