Allow less secure apps in Gmail

Allow Less Secure Apps to Access Your Gmail Account

Last updated on | 33 replies

Google may block sign-in attempts from some apps or devices that do not use modern security standards. Since these apps and devices are easier to break into, blocking them helps keep your account safe.

Allowing Less Secure Apps

If you have to allow an application to access your Google account, you can disable this security block.

  1. Sign in to Gmail
  2. Click here to access Less Secure App Access in My Account.
  3. Next to “Allow less secure apps: OFF,” select the toggle switch to turn ON.
  4. Visit the Display Unlock Captcha page and click Continue to remove the security block.

The Allow less secure apps setting may not be available for:

  • Accounts with 2-Step Verification (2FA) enabled. If 2FA is already enabled on your account, you should create an application-specific password and use this password for your application. If you still can’t access your account with an app password, visit the Display Unlock Captcha page and click Continue to remove the security block.
  • Google Workspace (formally G Suite) users: This setting may not be available if your Google Workspace administrator has locked less secure app account access. Please read the Google Workspace section below or contact your Google Workspace administrator for help.

I still can’t log in..

If you still can’t log into your account through your application after changing the “Allow less secure apps” setting, consider enabling 2-Step Verification and creating an application-specific password.

If you cannot access your account using an app password, your application may not meet Google’s new security standards. For example, older versions of Outlook may no longer work with Google’s authentication system. Consider upgrading your application to the latest version and try logging in again.

Google Workspace (formally G Suite) Admins

Google Workspace Admins: Enabling less secure apps to access Google Workspace accounts

  1. Sign in to your Google Admin console (Sign in using an administrator account)
  2. Click Security > Less secure apps.
  3. Select Allow users to manage their access to less secure apps.
  4. Click Save.G-Suite Allow Less Secure Apps
  5. Once you’ve set Allow users to manage their access to less secure apps to on, affected Google Workspace users within the selected group or Organizational Unit will be able to toggle access for less secure apps on or off themselves. It may take a minute or so for the setting to take affect.
  6. Now log in as the Google Workspace user and visit https://myaccount.google.com/lesssecureapps to toggle Less Secure Apps access.

Google Workspace Admins: Important Security Changes Coming

Starting in June 2020, Google will limit the ability for less secure apps (LSAs) to access Google Workspace account data. This is most likely to impact users of legacy email, calendar, and contacts apps.

LSAs are non-Google apps that can access your Google account with only a username and password. They make your account more vulnerable to hijacking attempts. Instead of LSAs, you can use apps that support OAuth—a modern and secure access method.

Access to LSAs will be turned off in two stages:

  • After June 15, 2020 – Users who try to connect to an LSA for the first time will no longer be able to do so. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV, IMAP, and Exchange ActiveSync (Google Sync). Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.
  • After February 15, 2021 – Access to LSAs will be turned off for all Google Workspace accounts.

For more information, please read Google’s blog article: Turning off less secure app access to Google Workspace accounts

Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.

33 replies

Leave a reply

Your email address will not be published. Required fields are marked *

  1. Thank you! finally worked after I turned on 2-step verification and created an app specific password. 🙂 Toggling on Less Secure Apps and unblocking was not enough on it’s own.

  2. My ‘less secure ‘ application actually has multiple layers of password protection but doesn’t use recognised google security. Its a demo for a future system. Very frustrating when the demo fails like this,

    > bullet point 4 saved the day I had been allowing access but had obviously been blocked looked eveywhere but this article got me going.

    Thank you.

  3. I am using gmail web client(non gsuite) to send mail through my gsuite id. (gmail/settings/accounts and import/Send mail as/add another e-mail address)
    When I enable LSA in gsuite setting, it works. but the gmail web client is by google. right?

  4. Ok well thank you very much for this but it didn’t work for me. But then again Im on an Ipad trying to use google stuff. UGH lol

  5. Can I keep my secure settings on but allow in one particular app that is safe instead of disabling my secure settings?

    Thank you —

  6. Can you confirm if application-specific passwords will still work after the June 2020 changes? Or does all third-party “less secure” apps have to implement some sort of oauth 2 feature, manage the refresh token, etc.? My thought is that they will work given you have to turn on 2-factor authentication… which eliminates the LSA option.

  7. I was trying this a lot of time of configuring thunderbird portable. It kept giving me problem with username and password even after allowing less secure app. Finally i deleted the the thunderbird portable folder and reinstall it and configure it again (after allowing that option -less secure app). Now it works

  8. I had some issues with the security checks from Google. When you want to automate some tasks, manual verification can be a real headache. Thanks for the direct link to the Google Account option. Also, I have made a guide too with step by step images for turning on Less secure apps access.

  9. I was having problems for 7 days on password between outlook 2013 and Gmail, and not able to receive or send. please help urgently. Thanks. Dr Jack Tan

    1. Supposedly it can take up to 24 hours for the setting to take effect. I found that when I changed the setting through Chrome on a Win 10 laptop it was just being ignored (was trying to restore Outlook access to a Gmail account that had been working fine for years and suddenly stopped because of this grossly stupid idea), but when I changed the setting via Android phone it took effect right away and I was able to reconnect Outlook on my laptop immediately.

  10. After researching through various forums, KB articles, and working with Microsoft and Google support I was unable to complete a data migration from GMail to Outlook 365. THIS article resolved the issues I was dealing with. Wish I found it earlier… Thank you so much!

  11. JULY 2018

    IF THE ABOVE DOESNT MATCH THE OPTIONS YOU HAVE READ BELOW:

    While signed in/logged in to your Google account (important obviously) Click on your round profile circle on the right side of your browser.
    Click on the blue button that says “Google account”
    Click on the word “Sign-in & security” (with a blue lock icon on the left of the title)
    Scroll down ALL the way, the last option is a toggle that says “Allow less secure apps: OFF” Toggle this option.

      1. Thank you.
        Although we’re a long way down the road, your post from 2+ years ago took all MY guesswork out of the equation. That annoying ’email sign-in’ pop up is now a thing of the past.

  12. I am developing a powershell script that will use the send-mailmessage cmdlet to send a newsletter to a series of email addresses. This makes it more personal to the recipient than bcc-ing it to a distribution list, and also allows for some customization (i.e. the script will be able to insert the recipient’s first and last name).

    I will run this script only on my own windows 10 computer, and the only other “apps” that I will explicitly use there to logon to google/gmail are the chrome browser. So far the only way I have found to make this work is to enable less secure apps temporarily. My question is this: what might the impact be of leaving that setting in place? I understand the setting is in my google account, so would be open to anyone on any device using any app to connect. But if they knew my google password, they could already login and enable less secure apps anyway.

    So can you explain to me the risks of leaving that setting in the “ON” state?

      1. Thanks for the tip man, found myself in the same situation and this worked immediately and was easy to setup!