Application-specific passwords weaken Google’s two-factor authentication, researchers say

Researchers from two-factor authentication provider Duo Security found a loophole in Google's authentication system that allowed them to bypass the company's 2-step login verification by abusing the unique passwords used to connect individual applications to Google accounts.

Story added 26. February 2013, content source with full text you can find at link above.