Say I want to "send as" gmail account 1 from gmail account 2.
It seems that once I activate 2FA for account 1, I now have to use an "application password" to use it in account 2.
But does not that go against the 2FA goal on Account 1? Because now there is an application password that can be used from anywhere by any client without 2FA.
Am I missing something?