GMail starts to block less secure apps: how to enable access again

Martin Brinkmann
Jul 21, 2014
Updated • Jan 4, 2018
Companies, Gmail, Google
|
23

Gmail users can access their account on the official website or by using first-party or third-party apps and services instead. A first party app is for instance Google's official Gmail app for Android, while Thunderbird and the mail client app of Windows 8 are third-party apps.

Google announced back in April 2014 that it would improve the sign-in security of its services and affect any application sending usernames and passwords to the company.

The company suggested to switch to OAuth 2.0 back then but did not enforce it up until now.

If you open the new less secure apps page under security settings on Google, you will notice that Google has disabled access by default.

Note: You see the page only if you are not using Google Apps or have enabled two-factor authentication for the account.

google allow less secure apps

Google states on it that "some devices and apps use insecure sign-in" technologies to access account data, and that the disable setting blocks these apps and services from accessing the Google Account.

You can flip the switch here to enable less secure applications again so that access is regained.

A help page lists some of the applications affected by the change:

  • The mail app on iPhone or iPad with iOS 6 or below.
  • The mail app on Windows phone prior to Windows Phone 8.1.
  • Some third-party mail apps on Android.
  • Some desktop mail clients like Outlook or Thunderbird.

How to resolve access errors

If you are receiving error messages -- password incorrect or similar -- when trying to sign-in to your Gmail account using a third-party application or service, chance is that it is affected by the change.

You have several options at your disposal to resolve the issue:

  1. Enable Two-Factor Authentication for the account. As mentioned earlier, accounts with it enabled are not affected by the change. You may need to create an app specific password in the process for the app or service though. Read also: Use 2-Step Verification without mobile app.
  2. Change the "allow less secure apps" setting to enable. This allows them to connect to the account again.
  3. Switch to a different service or program.

The easiest option, without doubt, is to switch to enable on the security settings page. Two-Factor authentication may improve the overall security, but since you may need to create app-specific passwords, does not seem to improve security when compared to switching the setting to enable.

It is possible that companies will start to update their applications and services to support Oauth 2.0 so that users don't have to make a decision in this regard anymore.

For now, the three options listed above is all that is available to those users.

Summary
GMail starts to block less secure apps: how to enable access again
Article Name
GMail starts to block less secure apps: how to enable access again
Description
If you are receiving error messages while trying to sign-in to Gmail, a recent security switch by Google may be the reason. Find out how to resolve it.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Daniel Steered said on March 9, 2024 at 3:26 pm
    Reply

    Anyway, thanks for the tip, I’ll check back if I start getting authorization errors in Thunderbird

  2. Daniel Lisa said on July 8, 2023 at 5:44 pm
    Reply

    Using my own webmail client, I have no problem logging in to my main Google account, but I cannot log in to other Google accounts. All accounts have “enable” checked on the Allow Less Secure page, to no avail.

  3. Anonymous said on February 24, 2020 at 12:23 pm
    Reply

    thank you

  4. Arvind said on February 5, 2020 at 8:21 am
    Reply

    If less secure aap access is turned off, then not access gmail mail detail.

  5. Shan Ali said on November 2, 2017 at 7:08 pm
    Reply

    Plzz provide me solution of enabling less secure apps in my gmail account.

  6. Marc Renobell said on August 28, 2017 at 11:41 am
    Reply

    i need my own web page to have access to my gmail pasword

    my web page pretend to send emails, but my account
    don’t let it.
    what can i do to it ?
    thankyou very much

  7. Andrew P said on June 22, 2016 at 5:24 am
    Reply

    Having just moved to Google Apps for Work for two workplaces, I can say confidently that Thunderbird does work with gmail (and as an aside, I was delighted with how easily I could autoconfig – a real change from our inhouse mail server).
    It does seem to be an OAuth 2.0 process that is being used, if that’s what the pop-up gmail authentication screen is about. Just use it the first time and all good after that.

    Our client reminder emailer is another matter… Fortunately, in Google Apps for Work we can use smtp-relay.gmail.com and authorise our sender ip in the management pages. Won’t work for private gmail, I guess.

  8. J said on May 13, 2016 at 3:34 am
    Reply

    Unbelievable, same thing here.
    A Google Apps account cannot sent email from the web UI integrated “sent as” option… Gmail is blocking gmail.

  9. Rudy said on March 25, 2016 at 9:16 pm
    Reply

    This is hilarious, I’ve used one gmail account to occasionally send through another (work) google apps account, now it gets rejected as unsafe. It’s unsafe to access Gmail with Gmail. Google needs to approve Gmail for use.

  10. Earl said on March 20, 2016 at 10:39 pm
    Reply

    I just ran into this issue after using Thunderbird for years to POP messages (basically just using Tb as a notifier) on some of my accounts. Essentially, Google just wants to block anything older than “most recent” (that isn’t theirs). It seems to have only happened after turning off checking for new messages in one account for several months–so, a “use it or lose it” scenario for them. What are they thinking: “better safe than sorry”? …except they don’t make it all that easy to find the Help page which explains the enable “less secure” function (I had to use Google search to find it). By all means, though, let’s secure access to your email that has been traveling around the Internet in plain text so that anyone and his brother can read it.

    Having worked on an email app back in the early ’90s, I’m well aware how much POP and SMTP have changed over the past 2 decades and more–as in, almost not at all. The actual signing on is still just as secured as the “more secure” apps. Not being “Google-approved” does not make something unsafe-to-use.

  11. Ben Maden said on January 5, 2016 at 2:16 am
    Reply

    I like they way that I get these errors when using Google’s own GAMME, Google Apps Migration for Microsoft Exchange. Hehe :)

    Thanks for the post, it solved my problem as I close old user accounts.

  12. Name said on September 6, 2015 at 11:35 pm
    Reply

    Do note, even if you have an OAuth2 enabled mail-client; Google can block the client at any moment for ANY REASON using the OAuth2 system. The security benefits of OAuth2 are zero. A mail client that uses a token or your password still has access to your mail and can still do evil.

    The CORPORATE benefits are extreme.
    “It was discovered that the iOS8 mail client has a critical vulnerability. All OAuth2 Tokens have been revoked. Please update to a secure Google-Based Mail Client.”

  13. kamal said on April 22, 2015 at 4:38 pm
    Reply

    Many Thanks !

  14. Sachin wairagade said on April 4, 2015 at 3:19 pm
    Reply

    https://www.google.com/settings/security/lesssecureapps

    Just Copy this Link into Address bar and you will get a page with On and Off app Security
    Just Off Setting The ActiveX will Automatically Send Mail Using Gmail account

    1. Pat said on June 6, 2017 at 2:58 pm
      Reply

      this no longer works in 2017

  15. Charles said on January 18, 2015 at 6:24 am
    Reply

    My experience confirms Hugh’s note of August 27, 2014. I created an automation script to send email via a secondary Google account and was blocked. Works fine via primary account. The whole raison d’etre though was to use the secondary creds in the script to keep my primary credentials more secure.

    I haven’t researched but does anyone know if I can swap the primary/secondary designations on these accounts, ie,
    dummy account becomes primary; real, secondary.

  16. Erin said on November 14, 2014 at 2:42 pm
    Reply

    So, Mail Droid is still free, correct (the ad version)??

  17. Hugh said on August 27, 2014 at 6:14 am
    Reply

    Using my own webmail client, I have no problem logging in to my main Google account, but I cannot log in to other Google accounts. All accounts have “enable” checked on the Allow Less Secure page, to no avail.

    I think the quote from the Thunderbird mod is on the right track… “Don’t use other clients, or we’ll randomly block you.”

  18. Edwin Yip | Dev of OwnMyCopy said on August 18, 2014 at 4:59 pm
    Reply

    On this issue, a quote from a moderator of the Mozilla Thunderbird forum:

    This is not an issue of whether or not Thunderbird is implementing the latest version of SSL/TLS etc., they’re basically saying they are trying to actively discourage people from using any email client that logins to Gmail using POP, IMAP or SMTP anymore. This appears to be another example of embrace, extend, and extinguish.

    I have a user reported the same issue, obviously google is misleading, IMHO.

    1. Antony Landsman said on July 18, 2019 at 4:00 pm
      Reply

      It is possible to use xoauth with both smtp and imap. It just takes modifying the authentication process. I have succesfully accomplished this with our smtp code. Unfortunately with imap the issue is a little stickier. Our code depends on the php imap extension which is non extensible and does not support xoauth. I have succesfully written authentiacation code to log in to imap with regular php streams, but these are not useable with the imap extension.

    2. Pat said on June 8, 2017 at 2:44 pm
      Reply

      I was using my gMail account with Thunderbird for over a year & then 3 weeks ago Google without prior notice slammed the door shut on that (I know they own the site).. I tried a different 3rd party app with same gMail addy & no dice.. I tried the ‘enable unsecure devices’ on gMail settings & that doesn’t do it anymore so guess they turned that off too.. Sooooo I changed email client back to AOL & all is good with Thunderbird.. In the past couple of months I have stopped using Google products because they have gotten too controlling & have forgotten they invented the #PPC & Mouse Clicks make money theory but guess they’ve gotten so big they don’t care; my biggest change was uninstalling Chrome & installing a different browser..They hire interns to work for them & when they see complaints on Twitter about Google/gMail/Chrome interns jump in & do copy/paste of redundant replies that don’t help especially if tweets contain hashtag #gHelp.. There are several websites that monitor sites that are down & several with live tweets from end users ‘all over the world’ on this shutdown by gMail & third party mail clients so it’s not just me having problems it’s worldwide & with different apps both mobile & desktop.. The major thing that customers look for is ‘customer service’ and there is none at Google something Apple is known for.. “be careful who you step on climbing that ladder of success because you will meet them on the way down”..

    3. Anonymous said on March 15, 2017 at 3:44 am
      Reply

      just get to the point instead of fart arsing around How do I make my account less secure because the bullshit you’re saying isn’t there

  19. city_zen said on July 21, 2014 at 7:31 pm
    Reply

    I just checked and it’s still on “enable” for me.
    Anyway, thanks for the tip, I’ll check back if I start getting authorization errors in Thunderbird

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.