Cloud credentials for Google Drive with Google Enhanced Security enabled?

[Angrily4845]

Checking if anyone is aware if there is any way past this when trying to set up a Google Drive cloud credential.
I am using yubikeys and have enabled enhanced security on my google account.

This is what happens when I try to log in as a result. It seems its expecting some sort of 2FA instead of app password.
App passwords are not possible with enhanced security.

Case of tough luck? Did I miss something?
Cheers!

 

[albrecd]

Is it possible to set up your authentication via OAuth? This is a much more secure way to grant service access to the account, and depending on how it is implemented may allow you to sign in initially from the TrueNAS box with your hardware token. Though I wouldn't be too optimistic as Google is pretty clear in their FAQ that enhanced security blocks most apps and services by design.

App passwords completely bypass MFA and allow service authentication via username and password alone, and are generally not recommended unless absolutely necessary for backward compatibility with legacy apps and services (in which case best practice would be to give the service a dedicated account with reduced access / permissions).

Ultimately, if your account requires the extra protection of enhanced security, granting automatic access to any service including TrueNAS syncing may not be worth the security risk anyway.

 

[Angrily4845]

I will investigate but it seems to be fairly strict from Google's end as you pointed out. I did know what i was getting into when enabling enhanced security. But would be nice to be able to sign into or give it some sort of access. Paying for 2TB for keeping encrypted backups on it. Guess ill figure out a way to deal with it differently perhaps.

I would definitely like to avoid app passwords for sure, I am a fan of the hardware keys :)
Ideally id love to be able to just give some sort of authentication to a user/id inside drive to a specific folder for the backups only.
Seems like living the pipe dream anyways, this isnt really doable.

Cheers for the help.