GMail starts to block less secure apps: how to enable access again
Gmail users can access their account on the official website, or by using first-party or third-party apps and services instead. A first-party app is, for instance, Google's official Gmail app for Android, while Thunderbird and the mail client app of Windows 8 are third-party apps.
Google announced back in April 2014 that it would improve the sign-in security of its services, and that the change would affect any application sending usernames and passwords to the company.
The company suggested switching to OAuth 2.0 back then but did not enforce it until now.
If you open the new less secure apps page under security settings on Google, you will notice that Google has disabled access by default.
Note: You see the page only if you are not using Google Apps and have not enabled two-factor authentication for the account.
Google states on it that "some devices and apps use insecure sign-in" technologies to access account data, and that the disable setting blocks these apps and services from accessing the Google Account.
You can flip the switch here to enable less secure applications again so that access is regained.
A help page lists some of the applications affected by the change:
- The mail app on iPhone or iPad with iOS 6 or below.
- The mail app on Windows phone prior to Windows Phone 8.1.
- Some third-party mail apps on Android.
- Some desktop mail clients like Outlook or Thunderbird.
How to resolve access errors
If you are receiving error messages -- password incorrect or similar -- when trying to sign in to your Gmail account using a third-party application or service, chances are that it is affected by the change.
You have several options at your disposal to resolve the issue:
- Enable Two-Factor Authentication for the account. As mentioned earlier, accounts with it enabled are not affected by the change. You may need to create an app-specific password in the process for the app or service though. Read also: Use 2-Step Verification without mobile app.
- Change the "allow less secure apps" setting to enable. This allows them to connect to the account again.
- Switch to a different service or program.
The easiest option, without doubt, is to switch to enable on the security settings page. Two-Factor Authentication may improve the overall security, but since you may need to create app-specific passwords, it does not seem to improve security when compared to switching the setting to enable.
It is possible that companies will start to update their applications and services to support OAuth 2.0 so that users don't have to make a decision in this regard anymore.
For now, the three options listed above are all that is available to those users.
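To make the difference between password sign-in and OAuth 2.0 concrete, the following added example (not code from the article or from Google) builds the SASL initial response a mail client sends with PLAIN and with XOAUTH2, the mechanism Gmail's IMAP and SMTP servers accept for OAuth 2.0, and decodes each to show which secret it carries. The account name, password, token and failure challenge are constructed sample values, and obtaining a real access token is outside its scope.

```python
import base64
import json

def plain_initial_response(user, password):
    """SASL PLAIN (RFC 4616): NUL + user + NUL + password, base64-encoded."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def xoauth2_initial_response(user, access_token):
    """SASL XOAUTH2: 'user=' user ^A 'auth=Bearer ' token ^A ^A, base64-encoded."""
    for field in (user, access_token):
        # ^A separates fields, so a control character could smuggle in extra ones.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in field):
            raise ValueError("control character in XOAUTH2 field")
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def exposed_secret(initial_response):
    """Decode a captured initial response and report which secret it carries."""
    raw = base64.b64decode(initial_response).decode()
    if raw.count("\0") == 2:
        _, user, password = raw.split("\0")
        return {"mechanism": "PLAIN", "user": user,
                "secret": password, "kind": "account password"}
    fields = dict(part.split("=", 1) for part in raw.split("\x01") if part)
    return {"mechanism": "XOAUTH2", "user": fields["user"],
            "secret": fields["auth"].split(" ", 1)[1],
            "kind": "revocable access token"}

def parse_xoauth2_failure(challenge_b64):
    """On failure the server sends a base64 JSON challenge; decode it for logging."""
    return json.loads(base64.b64decode(challenge_b64))

# Constructed sample values, not real credentials.
USER = "alice@example.com"
PASSWORD = "constructed-password"
TOKEN = "ya29.constructed-access-token"
# Constructed failure challenge in the shape Google documents for XOAUTH2.
FAILURE = base64.b64encode(json.dumps(
    {"status": "401", "schemes": "bearer", "scope": "https://mail.google.com/"}
).encode()).decode()

if __name__ == "__main__":
    for blob in (plain_initial_response(USER, PASSWORD),
                 xoauth2_initial_response(USER, TOKEN)):
        print(blob, "->", exposed_secret(blob))
    print("failure challenge:", parse_xoauth2_failure(FAILURE))
```

Python's imaplib base64-encodes the value returned by the `authenticate()` callback itself, so a client built on it passes the raw `user=...` string rather than the encoded output of `xoauth2_initial_response`.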
I just checked and it’s still on “enable” for me.
Anyway, thanks for the tip, I’ll check back if I start getting authorization errors in Thunderbird
On this issue, a quote from a moderator of the Mozilla Thunderbird forum:
This is not an issue of whether or not Thunderbird is implementing the latest version of SSL/TLS etc., they’re basically saying they are trying to actively discourage people from using any email client that logins to Gmail using POP, IMAP or SMTP anymore. This appears to be another example of embrace, extend, and extinguish.
I have a user who reported the same issue; obviously Google is misleading, IMHO.
just get to the point instead of fart arsing around How do I make my account less secure because the bullshit you’re saying isn’t there
I was using my gMail account with Thunderbird for over a year & then 3 weeks ago Google without prior notice slammed the door shut on that (I know they own the site).. I tried a different 3rd party app with same gMail addy & no dice.. I tried the ‘enable unsecure devices’ on gMail settings & that doesn’t do it anymore so guess they turned that off too.. Sooooo I changed email client back to AOL & all is good with Thunderbird.. In the past couple of months I have stopped using Google products because they have gotten too controlling & have forgotten they invented the #PPC & Mouse Clicks make money theory but guess they’ve gotten so big they don’t care; my biggest change was uninstalling Chrome & installing a different browser..They hire interns to work for them & when they see complaints on Twitter about Google/gMail/Chrome interns jump in & do copy/paste of redundant replies that don’t help especially if tweets contain hashtag #gHelp.. There are several websites that monitor sites that are down & several with live tweets from end users ‘all over the world’ on this shutdown by gMail & third party mail clients so it’s not just me having problems it’s worldwide & with different apps both mobile & desktop.. The major thing that customers look for is ‘customer service’ and there is none at Google something Apple is known for.. “be careful who you step on climbing that ladder of success because you will meet them on the way down”..
It is possible to use xoauth with both smtp and imap. It just takes modifying the authentication process. I have successfully accomplished this with our smtp code. Unfortunately with imap the issue is a little stickier. Our code depends on the php imap extension which is non extensible and does not support xoauth. I have successfully written authentication code to log in to imap with regular php streams, but these are not useable with the imap extension.
Using my own webmail client, I have no problem logging in to my main Google account, but I cannot log in to other Google accounts. All accounts have “enable” checked on the Allow Less Secure page, to no avail.
I think the quote from the Thunderbird mod is on the right track… “Don’t use other clients, or we’ll randomly block you.”
So, Mail Droid is still free, correct (the ad version)??
My experience confirms Hugh’s note of August 27, 2014. I created an automation script to send email via a secondary Google account and was blocked. Works fine via primary account. The whole raison d’etre though was to use the secondary creds in the script to keep my primary credentials more secure.
I haven’t researched but does anyone know if I can swap the primary/secondary designations on these accounts, i.e., dummy account becomes primary; real, secondary.
Just Copy this Link into Address bar and you will get a page with On and Off app Security
Just Off Setting The ActiveX will Automatically Send Mail Using Gmail account
this no longer works in 2017
Many Thanks !
Do note, even if you have an OAuth2 enabled mail-client; Google can block the client at any moment for ANY REASON using the OAuth2 system. The security benefits of OAuth2 are zero. A mail client that uses a token or your password still has access to your mail and can still do evil.
The CORPORATE benefits are extreme.
“It was discovered that the iOS8 mail client has a critical vulnerability. All OAuth2 Tokens have been revoked. Please update to a secure Google-Based Mail Client.”
I like the way that I get these errors when using Google’s own GAMME, Google Apps Migration for Microsoft Exchange. Hehe :)
Thanks for the post, it solved my problem as I close old user accounts.
I just ran into this issue after using Thunderbird for years to POP messages (basically just using Tb as a notifier) on some of my accounts. Essentially, Google just wants to block anything older than “most recent” (that isn’t theirs). It seems to have only happened after turning off checking for new messages in one account for several months–so, a “use it or lose it” scenario for them. What are they thinking: “better safe than sorry”? …except they don’t make it all that easy to find the Help page which explains the enable “less secure” function (I had to use Google search to find it). By all means, though, let’s secure access to your email that has been traveling around the Internet in plain text so that anyone and his brother can read it.
Having worked on an email app back in the early ’90s, I’m well aware how much POP and SMTP have changed over the past 2 decades and more–as in, almost not at all. The actual signing on is still just as secured as the “more secure” apps. Not being “Google-approved” does not make something unsafe-to-use.
This is hilarious, I’ve used one gmail account to occasionally send through another (work) google apps account, now it gets rejected as unsafe. It’s unsafe to access Gmail with Gmail. Google needs to approve Gmail for use.
Unbelievable, same thing here.
A Google Apps account cannot send email from the web UI integrated “sent as” option… Gmail is blocking gmail.
Having just moved to Google Apps for Work for two workplaces, I can say confidently that Thunderbird does work with gmail (and as an aside, I was delighted with how easily I could autoconfig – a real change from our inhouse mail server).
It does seem to be an OAuth 2.0 process that is being used, if that’s what the pop-up gmail authentication screen is about. Just use it the first time and all good after that.
Our client reminder emailer is another matter… Fortunately, in Google Apps for Work we can use smtp-relay.gmail.com and authorise our sender ip in the management pages. Won’t work for private gmail, I guess.
I need my own web page to have access to my Gmail password.
My web page pretend to send emails, but my account
doesn’t let it.
What can I do about it?
Thank you very much.
Plzz provide me solution of enabling less secure apps in my gmail account.
If less secure app access is turned off, then not access gmail mail detail.