Google blocked a less secure app from accessing your account

The clock is ticking for businesses using what Google defines as a "less secure app" (LSA) to access services like its G Suite mail, calendar and contacts. New accounts will be blocked from using LSAs from June 15 2020, and all access will be disabled on February 15 2021.

Google's latest announcement is specific to G Suite, the business version of these productivity services. The company is also keen that users of the free consumer service avoid LSAs, but the new deadlines do not necessarily apply.

What is an LSA? The company says "non-Google apps that can access your Google account with only a username and password." In practice, it seems to mean any app that does not support OAuth.

Using OAuth means that applications request access to the API and, after user login and consent, receive a unique token for authentication. This means that the client application does not have to store the user's password, but only the token. Users can also revoke access to that specific application.
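The difference is visible in what a mail client sends when it authenticates. The following is an added example, not code from Google or from the original article: it builds the SMTP `AUTH` command for SASL PLAIN (username and password) and for XOAUTH2 (username and OAuth bearer token), then decodes each to show which secret travels. The account name, password and token are constructed sample values.

```python
import base64

# Constructed sample values; not real credentials.
USER = "alice@example.com"
PASSWORD = "correct-horse-battery"
TOKEN = "ya29.constructed-access-token"


def auth_plain(user: str, password: str) -> str:
    """SASL PLAIN (RFC 4616): authzid NUL authcid NUL password, base64-encoded."""
    raw = f"\0{user}\0{password}".encode()
    return "AUTH PLAIN " + base64.b64encode(raw).decode()


def auth_xoauth2(user: str, access_token: str) -> str:
    """SASL XOAUTH2 (Gmail IMAP/SMTP): user and bearer token, separated by 0x01."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()
    return "AUTH XOAUTH2 " + base64.b64encode(raw).decode()


def inspect_auth(line: str) -> dict:
    """Decode an SMTP AUTH command and report which kind of secret it carries."""
    parts = line.split()
    if len(parts) != 3 or parts[0].upper() != "AUTH":
        raise ValueError("expected 'AUTH <mechanism> <initial-response>'")
    mech = parts[1].upper()
    raw = base64.b64decode(parts[2], validate=True).decode()
    if mech == "PLAIN":
        # Base64 is an encoding, not encryption: the password is recoverable.
        _authzid, user, secret = raw.split("\0")
        return {"mechanism": mech, "user": user, "secret": secret,
                "sends_password": True}
    if mech == "XOAUTH2":
        fields = dict(f.split("=", 1) for f in raw.split("\x01") if f)
        scheme, _, token = fields["auth"].partition(" ")
        if scheme != "Bearer":
            raise ValueError("unexpected auth scheme")
        # Only a revocable token is sent; the account password never
        # reaches the client configuration or the wire.
        return {"mechanism": mech, "user": fields["user"], "secret": token,
                "sends_password": False}
    raise ValueError(f"unsupported mechanism: {mech}")
```

A client still configured for PLAIN has to store the secret it sends, which is why re-adding the account with OAuth changes what is kept on the device.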

The difficulty for some users is that there are still plenty of applications that do not support OAuth. Microsoft Outlook only gained this capability with the latest version, Outlook 2019, or an up-to-date Outlook 365 for Office 365 users. Users with older versions of Outlook can use an Outlook sync client to synchronize email between G Suite and Outlook.

Another scenario is where users have a mail client that was originally set up to use username and password, and this setting has persisted through upgrades, even though the latest version does support OAuth. In these cases, the account will give errors after the deadline passes, but this can be fixed by removing and re-adding the account using OAuth. In iOS Mail, for example, this means choosing the Google account type for your mail, calendar or contacts.

Curiously, Google's guidance states that: "No change is required for scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails."

The guidance for this recommends using the G Suite SMTP relay service using either a configured static IP address or: "Your full G Suite email address () and password when relaying through ports 587 and 465."

In the latter case this looks like a weakness in the G Suite security plans, particularly as scanners are in general not noted for secure password storage. A dedicated, limited access scanner account would make sense here. The guidance does say, "If you replace your device, look for one that sends email using OAuth."

That, or the static IP idea, look like better solutions.

Is Google pushing better security practice, or steering users towards its own browser-based client applications and away from alternatives? Probably more the former, though changes like this do put pressure on users. Note that adopting two-factor authentication is also substantially more secure, and in this case access from LSAs is automatically disabled for both G Suite and consumer accounts.

Blocking sign-ins from less secure apps helps keep accounts safe. For these reasons, Google is limiting password-based programmatic sign-ins to Google Accounts. This may have an impact on older email clients that don't support OAuth2 and other applications that don't offer the "sign in with Google" option. This also affects accounts that have been configured to "Send Mail As" from another account.

Start using alternatives to less secure apps as soon as possible. 

If you are having an issue with an email client, you can still access your email and calendar using the Gmail app via your browser. Go to mail.google.com to sign in.

Note: When 2-step Verification is turned on for an account, access to less secure apps is automatically disabled. 

We encourage local IT to be involved with updating their users' clients so that any necessary configurations can be preserved.  ETS can assist with setting up the recommended/supported clients. 

Check the settings for commonly used email clients, like Outlook, Thunderbird and Apple Mail.

Outlook

  1. Install/upgrade to the latest version of the client; 2016 or newer is required.
  2. Open Outlook
  3. Click File → Account Settings → Account Settings
  4. Double click the account name
  5. Verify the proper settings as shown in steps 6-8 of the Outlook Connect User Guide

Thunderbird

  1. Install/upgrade to the latest version of the client
  2. Open Thunderbird
  3. Right-click on the email address in the left column → Settings
  4. Verify the proper settings as shown in steps 6-8 of the Thunderbird Connect User Guide

Apple Mail (Catalina macOS or later)

  1. Open Apple Mail*
  2. Mail → Preferences → Accounts → Server Settings
  3. Verify the proper settings as shown in step 11 of the Apple Mail Connect User Guide

* For older Apple Mail versions (Mojave and earlier), follow the steps outlined in the 'Alternatives to Less secure apps - App Passwords' section below. If you prefer to upgrade Apple Mail instead, you need to upgrade your macOS. Please consult with your local IT team before upgrading your macOS.

Alternatives to Less secure apps - App Passwords

If you're using an application or email client that does not support OAuth2, you can use Google's App Passwords feature.  In order to use this feature, you must first enable Google's 2-Step Verification.

  1. Click your Google profile icon
  2. Click Manage your Google account
  3. Click Security from the left navigation bar
  4. Under "Signing in to Google", click App passwords
  5. Enter your Connect account password
  6. Select the Application and/or Device from the drop down options.  Select "Other..." to type the name of the application
  7. The App Password is the 16-character code in the yellow bar on your device
  8. Click Done
  9. Go to the Settings section of your app and replace your password with the 16-character password.  This app password grants complete access to your Google Account.  You won't need to remember it, so don't write it down or share it with anyone.

How do I unblock less secure apps on Google?

Turn off "Less secure app access": go to the Less secure app access section of your Google Account. You might need to sign in. Turn "Allow less secure apps" off.

How do I enable less secure apps on my Google Account?

Manage access to less secure apps:

  1. Sign in to your Google Admin console. ...
  2. In the Admin console, go to Menu → Security → Access and data control. ...
  3. To apply the setting to everyone, leave the top organizational unit selected. ...
  4. Select the setting for less secure apps: ...
  5. Click Save.

How do I stop Google from blocking an app?

If you have to allow an application to access your Google account, you can disable this security block.

  1. Sign in to Gmail.
  2. Click here to access Less Secure App Access in My Account.
  3. Next to "Allow less secure apps: OFF," select the toggle switch to turn ON.

How do I enable less secure apps access 2022?

As of May 30, 2022, Google has removed the less secure apps option. There is no way to turn this on, as it no longer exists. Enable 2FA on your Google account, create an app password, and use that in place of your true password in your code.