Set up two-factor auth and app-specific password for email registration helper
Gmail has "application-specific passwords" that are intended to allow SMTP and IMAP programs to authenticate without using the main Gmail/Google Account password. For some reason, you can only set this up if you've enabled two-factor authentication.
We should do this because
- we can keep the master Gmail password offline, and only allow the facilitator access to IMAP under a different password. A breakin on the facilitator would not, for example, allow the intruder to set a new Gmail forwarding rule.
- We can revoke/rotate the IMAP password independently of the master Gmail password.