Google

Can’t Find Google’s App Passwords Option? Here’s How to Access It Directly

4 October 2024 in Google tagged application / google / password by Tux

Introduction

Setting up app passwords is essential when you use applications or devices that don’t support 2-Step Verification codes. However, many users have reported difficulty finding the option to create an app password in their Google accounts, even after enabling 2-Step Verification. If you’re facing this issue, don’t worry—you can access the App Passwords page directly through a specific URL.

Why Is the App Passwords Option Missing?

Google frequently updates its interface and security settings, sometimes making features like App Passwords harder to locate. Reasons you might not see the option include:

Interface Changes: Google may have relocated the feature in recent updates.
Account Restrictions: Some account types, like business or education accounts, may have administrator restrictions.
Incomplete Verification Setup: If 2-Step Verification isn’t fully set up, the App Passwords option might not appear.

Direct Access to App Passwords

If the App Passwords option is elusive, you can bypass the navigation hassle by visiting the page directly:

Access App Passwords Directly

Step-by-Step Guide to Generate an App Password

Visit the Direct Link: Click on the link above or enter it into your browser’s address bar.
Sign In: Log in to your Google account if you’re not already signed in.
Verify with 2-Step Verification: You may be prompted to complete a verification step to confirm your identity.
Navigate to App Passwords: You should now be on the App Passwords page.
Select the App and Device:

Select App: From the dropdown menu, select the app for which you’re generating the password. Select Other (Custom name) and enter a name if it’s not listed.
Select Device: Choose the device you’re using.

Generate Password: Click Generate to create a unique app password.
Use the Password: You’ll receive a 16-character password. When prompted for your Google account password, enter this into the app or device.

Tips and Considerations

Security: Keep your app passwords secure. Treat them like your regular passwords.
One-Time Use: Typically, you only need to enter the app password once per app or device.
Revocation: If you lose a device or no longer use an app, revoke its app password from the same App Passwords page.

Conclusion

Finding the App Passwords option can be frustrating, but accessing it directly through https://myaccount.google.com/apppasswords is a simple solution. Always ensure that your 2-Step Verification is fully set up and that you follow Google’s security recommendations to keep your account safe.

Navigating Google Sites: The Challenge of Setting Up a Naked Domain for Free

30 March 2024 in Google tagged cloudflare / domain / google / page rules / sites by Tux

In the digital realm, setting up a website is akin to opening the doors to your virtual storefront. For many, Google Sites offers a simple, user-friendly platform to create and host websites. However, businesses and individuals looking to establish a professional online presence often prefer using a naked domain (e.g., example.com) over a subdomain (e.g., www.example.com). A naked domain, free of any prefix, not only provides a cleaner URL but also lends an air of credibility and brand strength. Unfortunately, due to Google’s policies, those hoping to use a naked domain with Google Sites for free will find themselves at a crossroads.

The Google Sites Conundrum

Google Sites, part of Google’s suite of tools, allows users to create and host websites without diving deep into the complexities of web development. While it simplifies the website creation process, Google imposes certain limitations regarding domain customization, especially concerning naked domains.

Google’s primary resource on this topic is a support guide detailing how to associate custom domains with Google Sites through the Google Admin Console (https://support.google.com/a/answer/2518373). The catch? Access to the Google Admin Console is gatekept behind G Suite (now Google Workspace) subscriptions, which do not offer free packages. This effectively means that Google does not support setting up a naked domain on Google Sites without incurring direct costs.

A Clever Workaround: Cloudflare to the Rescue

Facing this limitation does not mean the end of the road for those determined to use a naked domain with Google Sites at no extra cost. A workaround exists, thanks to Cloudflare, a web performance and security company that offers CDN services, DDoS mitigation, Internet security, and distributed domain name server services.

Step 1: Setting Up with Cloudflare

The first step in this workaround involves creating a Cloudflare account and adding your domain to it. Cloudflare provides a range of free services, including the ability to redirect traffic, which is crucial for our purpose.

Step 2: Configuring Page Rules

Once your domain is under Cloudflare’s management, the key to redirecting your naked domain to the www version (or any other subdomain) lies in Cloudflare’s Page Rules feature. Setting up a specific Page Rule allows you to redirect all traffic from your naked domain to the desired destination. Here’s how we did it for bytefreaks.net:

We created a Page Rule for bytefreaks.net/*.
In the settings, we selected the “Forwarding URL” option.
We configured it to redirect to https://www.bytefreaks.net/.

This approach effectively routes visitors from the naked domain to the www subdomain without manual intervention, ensuring that the website remains accessible via the desired URL format.

Conclusion

While Google’s policies may limit the direct use of naked domains with Google Sites for free, innovative solutions like the one involving Cloudflare, highlight the possibilities of overcoming these restrictions. By leveraging Cloudflare’s Page Rules for URL forwarding, individuals and businesses can achieve their desired domain setup without incurring additional costs. This workaround exemplifies the creativity within the tech community and underscores the importance of flexibility in navigating the ever-evolving landscape of web development and hosting.

Python script to parse the GAM / Google Workspace CSV that contains all members of all groups

4 January 2023 in Google / Programming / Python tagged csv / dataframe / google / google workspace / panda / python / to_excel / xlsx / xlsxwriter by Tux

This script will parse the data generated by GAM and create an XLSX out of them.

Each sheet will be named by the group, containing all the emails of that group, including the sub-groups.

emails.py_Download

# This script will parse the data generated by GAM and create an XLSX out of them.
# Each sheet will be named by the group and it will contain all the emails of that group, including the sub-groups.
 
# Using sys to get command line arguments for the input file
import sys
# Using CSV to parse the input CSV file that GAM (GAMADV-XTD3) created after using the following command:
# gam print group-members > emails.2022.csv;
# Source: https://bytefreaks.net/google/rough-notes-on-using-gam-to-print-all-members-of-all-groups-in-google-workspace
import csv
# Using pandas to create an XLSX file with multiple sheets
import pandas as pd
 
# Creating an empty dictionary.
dictionary = {}
 
# Opening the CSV file that is the first command line argument
with open(sys.argv[1], newline='') as csvfile:
    reader = csv.reader(csvfile, delimiter=',', quotechar='"')
    # For each row, we are getting only the first column which is the group and the last which is the email
    for row in reader:
        dictionary.setdefault(row[0], []).append(row[5])
 
# Create a Pandas Excel writer using XlsxWriter as the engine.
writer = pd.ExcelWriter(sys.argv[1]+'.xlsx', engine='xlsxwriter')
 
# Iterating in Sorted Order
for key in sorted(dictionary):
    # Create a Pandas dataframes to add the data.
    df = pd.DataFrame({'Members': dictionary[key]})
    # Write each dataframe to a different worksheet.
    # To avoid the following exception:
    # xlsxwriter.exceptions.InvalidWorksheetName: Excel worksheet name 'action.for.industry.officer@ieeer8.org' must be <= 31 chars.
    # We are truncating the domain from the group.
    group = key.split("@")[0]
    # In case the name is still to big, we truncate it further and append an ellipsis to indicate the extra truncation
    sheet = (group[:29] + '..') if len(group) > 31 else group
    # We are also removing the header and index of the data frame
    df.to_excel(writer, sheet_name=sheet, header=False, index=False)
 
# Close the Pandas Excel writer and output the Excel file.
writer.close()

emails.py_Download

Rough notes on using GAM to print all Members of all Groups in Google Workspace 1

3 January 2023 in Google tagged gam / gamadv / google / google workspace by Tux

Since google failed to provide helpful UI for the administrators, we used GAMADV to print all members of all groups.

GAMADV-XTD3 6.30.10 - https://github.com/taers232c/GAMADV-XTD3 - pyinstaller
Ross Scroggs <ross.scroggs@gmail.com>
Python 3.11.0 64-bit final
Linux Ubuntu 22.04 Jammy Jellyfish x86_64
Path: /home/bib/bin/gamadv-xtd3
Config File: /home/bib/.gam/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain:

To install:

1	`bash` `<(curl -s -S -L https://git.io/fhZWP) -l;`

To authorize:

1	`gam user bob@bytefreaks.net check serviceaccount;`

This created a link for the browser which we followed to authorize the API.
Example output:

System time status
  Your system time differs from admin.googleapis.com by less than 1 second  PASS
Service Account Private Key Authentication
  Authentication                                                            PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
  Service Account Private Key age: 350 days                                 WARN
Domain-wide Delegation authentication:, User: bob@bytefreaks.net, Scopes: 28
  https://mail.google.com/                                                  FAIL (1/28)
  https://sites.google.com/feeds                                            FAIL (2/28)
  https://www.googleapis.com/auth/apps.alerts                               FAIL (3/28)
  https://www.googleapis.com/auth/calendar                                  FAIL (4/28)
  https://www.googleapis.com/auth/classroom.announcements                   FAIL (5/28)
  https://www.googleapis.com/auth/classroom.coursework.students             FAIL (6/28)
  https://www.googleapis.com/auth/classroom.courseworkmaterials             FAIL (7/28)
  https://www.googleapis.com/auth/classroom.profile.emails                  FAIL (8/28)
  https://www.googleapis.com/auth/classroom.rosters                         FAIL (9/28)
  https://www.googleapis.com/auth/classroom.topics                          FAIL (10/28)
  https://www.googleapis.com/auth/cloud-identity                            FAIL (11/28)
  https://www.googleapis.com/auth/cloud-platform                            FAIL (12/28)
  https://www.googleapis.com/auth/contacts                                  FAIL (13/28)
  https://www.googleapis.com/auth/contacts.other.readonly                   FAIL (14/28)
  https://www.googleapis.com/auth/datastudio                                FAIL (15/28)
  https://www.googleapis.com/auth/directory.readonly                        FAIL (16/28)
  https://www.googleapis.com/auth/documents                                 FAIL (17/28)
  https://www.googleapis.com/auth/drive                                     FAIL (18/28)
  https://www.googleapis.com/auth/drive.activity                            FAIL (19/28)
  https://www.googleapis.com/auth/drive.admin.labels                        FAIL (20/28)
  https://www.googleapis.com/auth/drive.labels                              FAIL (21/28)
  https://www.googleapis.com/auth/gmail.modify                              FAIL (22/28)
  https://www.googleapis.com/auth/gmail.settings.basic                      FAIL (23/28)
  https://www.googleapis.com/auth/gmail.settings.sharing                    FAIL (24/28)
  https://www.googleapis.com/auth/keep                                      FAIL (25/28)
  https://www.googleapis.com/auth/spreadsheets                              FAIL (26/28)
  https://www.googleapis.com/auth/tasks                                     FAIL (27/28)
  https://www.googleapis.com/auth/userinfo.profile                          FAIL (28/28)
Some scopes FAILED!
To authorize them, please go to the following link in your browser:

    https://admin.google.com/ac/owl/domainwidedelegation?clientScopeToAdd=https://mail.google.com/,https://sites.google.com/feeds,https://www.googleapis.com/auth/apps.alerts,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/classroom.announcements,https://www.googleapis.com/auth/classroom.coursework.students,https://www.googleapis.com/auth/classroom.courseworkmaterials,https://www.googleapis.com/auth/classroom.profile.emails,https://www.googleapis.com/auth/classroom.rosters,https://www.googleapis.com/auth/classroom.topics,https://www.googleapis.com/auth/cloud-identity,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/contacts.other.readonly,https://www.googleapis.com/auth/datastudio,https://www.googleapis.com/auth/directory.readonly,https://www.googleapis.com/auth/documents,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.activity,https://www.googleapis.com/auth/drive.admin.labels,https://www.googleapis.com/auth/drive.labels,https://www.googleapis.com/auth/gmail.modify,https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/gmail.settings.sharing,https://www.googleapis.com/auth/keep,https://www.googleapis.com/auth/spreadsheets,https://www.googleapis.com/auth/tasks,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/userinfo.email&clientIdToAdd=101337532152182481803&overwriteClientId=true&dn=bytefreaks.net&authuser=bob@bytefreaks.net

You will be directed to the Google Workspace admin console Security > API Controls > Domain-wide Delegation page
The "Add a new Client ID" box will open
Make sure that "Overwrite existing client ID" is checked
Click AUTHORIZE
When the box closes you're done
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.

After authorizing, we executed again to verify that all tests passed:

System time status
  Your system time differs from admin.googleapis.com by 1 second            PASS
Service Account Private Key Authentication
  Authentication                                                            PASS
Service Account Private Key age; Google recommends rotating keys on a routine basis
  Service Account Private Key age: 350 days                                 WARN
Domain-wide Delegation authentication:, User: bob@bytefreaks.net, Scopes: 28
  https://mail.google.com/                                                  PASS (1/28)
  https://sites.google.com/feeds                                            PASS (2/28)
  https://www.googleapis.com/auth/apps.alerts                               PASS (3/28)
  https://www.googleapis.com/auth/calendar                                  PASS (4/28)
  https://www.googleapis.com/auth/classroom.announcements                   PASS (5/28)
  https://www.googleapis.com/auth/classroom.coursework.students             PASS (6/28)
  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (7/28)
  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (8/28)
  https://www.googleapis.com/auth/classroom.rosters                         PASS (9/28)
  https://www.googleapis.com/auth/classroom.topics                          PASS (10/28)
  https://www.googleapis.com/auth/cloud-identity                            PASS (11/28)
  https://www.googleapis.com/auth/cloud-platform                            PASS (12/28)
^[[C  https://www.googleapis.com/auth/contacts                                  PASS (13/28)
  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (14/28)
  https://www.googleapis.com/auth/datastudio                                PASS (15/28)
  https://www.googleapis.com/auth/directory.readonly                        PASS (16/28)
  https://www.googleapis.com/auth/documents                                 PASS (17/28)
  https://www.googleapis.com/auth/drive                                     PASS (18/28)
  https://www.googleapis.com/auth/drive.activity                            PASS (19/28)
  https://www.googleapis.com/auth/drive.admin.labels                        PASS (20/28)
  https://www.googleapis.com/auth/drive.labels                              PASS (21/28)
  https://www.googleapis.com/auth/gmail.modify                              PASS (22/28)
  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (23/28)
  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (24/28)
  https://www.googleapis.com/auth/keep                                      PASS (25/28)
  https://www.googleapis.com/auth/spreadsheets                              PASS (26/28)
  https://www.googleapis.com/auth/tasks                                     PASS (27/28)
  https://www.googleapis.com/auth/userinfo.profile                          PASS (28/28)
All scopes PASSED!

Service Account Client name: 101337532152182481803 is fully authorized.

Finally, we executed the following to create a CSV file that contained all members of all groups:

1	`gam print group-members > emails.2022.csv;`

Bytefreaks.net – a place for hacks