Yes said the Duo Security company in a report. Google has using 2 way authentications for secure login. Yahoo implemented the technology by the year 2011 and followed by Facebook.
Application Specific Passwords (ASP) are generated by Google that can be used as an optional for master password. The user thought that key can be only once, but the fact according to Duo Security is it can be used anywhere without the second authentication. Google has added the fix to close the loophole on Feb 21 said the Duo Security.
The Google Two Way Authentications is by the user password is the one and second one is the code that will be generated and send to your mobile or by an app. The ASP alone help the hacker for the first sign in which helps to gain the access but the master password is the key to mess up with the account settings.
Since 2011 the automated risk analysis has reduced the number of compromised Google accounts by 99.7 percents said by Google.