GMail starts to block less secure apps: how to enable access again

Gmail users can access their account on the official website or by using first-party or third-party apps and services instead. A first party app is for instance Google's official Gmail app for Android, while Thunderbird and the mail client app of Windows 8 are third-party apps.

Google announced back in April 2014 that it would improve the sign-in security of its services and affect any application sending usernames and passwords to the company.

The company suggested to switch to OAuth 2.0 back then but did not enforce it up until now.

If you open the new less secure apps page under security settings on Google, you will notice that Google has disabled access by default.

Note: You see the page only if you are not using Google Apps or have enabled two-factor authentication for the account.

google allow less secure apps

Google states on it that "some devices and apps use insecure sign-in" technologies to access account data, and that the disable setting blocks these apps and services from accessing the Google Account.

You can flip the switch here to enable less secure applications again so that access is regained.

A help page lists some of the applications affected by the change:

  • The mail app on iPhone or iPad with iOS 6 or below.
  • The mail app on Windows phone prior to Windows Phone 8.1.
  • Some third-party mail apps on Android.
  • Some desktop mail clients like Outlook or Thunderbird.

How to resolve access errors

If you are receiving error messages -- password incorrect or similar -- when trying to sign-in to your Gmail account using a third-party application or service, chance is that it is affected by the change.

You have several options at your disposal to resolve the issue:

  1. Enable Two-Factor Authentication for the account. As mentioned earlier, accounts with it enabled are not affected by the change. You may need to create an app specific password in the process for the app or service though. Read also: Use 2-Step Verification without mobile app.
  2. Change the "allow less secure apps" setting to enable. This allows them to connect to the account again.
  3. Switch to a different service or program.

The easiest option, without doubt, is to switch to enable on the security settings page. Two-Factor authentication may improve the overall security, but since you may need to create app-specific passwords, does not seem to improve security when compared to switching the setting to enable.

It is possible that companies will start to update their applications and services to support Oauth 2.0 so that users don't have to make a decision in this regard anymore.

For now, the three options listed above is all that is available to those users.

Article Name
GMail starts to block less secure apps: how to enable access again
If you are receiving error messages while trying to sign-in to Gmail, a recent security switch by Google may be the reason. Find out how to resolve it.
Please share this article


Filed under:

Responses to GMail starts to block less secure apps: how to enable access again

  1. city_zen July 21, 2014 at 7:31 pm #

    I just checked and it's still on "enable" for me.
    Anyway, thanks for the tip, I'll check back if I start getting authorization errors in Thunderbird

  2. Edwin Yip | Dev of OwnMyCopy August 18, 2014 at 4:59 pm #

    On this issue, a quote from a moderator of the Mozilla Thunderbird forum:
    This is not an issue of whether or not Thunderbird is implementing the latest version of SSL/TLS etc., they're basically saying they are trying to actively discourage people from using any email client that logins to Gmail using POP, IMAP or SMTP anymore. This appears to be another example of embrace, extend, and extinguish.

    I have a user reported the same issue, obviously google is misleading, IMHO.

  3. Hugh August 27, 2014 at 6:14 am #

    Using my own webmail client, I have no problem logging in to my main Google account, but I cannot log in to other Google accounts. All accounts have "enable" checked on the Allow Less Secure page, to no avail.

    I think the quote from the Thunderbird mod is on the right track... "Don't use other clients, or we'll randomly block you."

  4. Erin November 14, 2014 at 2:42 pm #

    So, Mail Droid is still free, correct (the ad version)??

  5. Charles January 18, 2015 at 6:24 am #

    My experience confirms Hugh's note of August 27, 2014. I created an automation script to send email via a secondary Google account and was blocked. Works fine via primary account. The whole raison d'etre though was to use the secondary creds in the script to keep my primary credentials more secure.

    I haven't researched but does anyone know if I can swap the primary/secondary designations on these accounts, ie,
    dummy account becomes primary; real, secondary.

Leave a Reply