Accessing Gmail & Google Workspace without “Less Secure Apps”
Google removed the “Allow Less Secure Apps” option for all personal (Gmail) accounts on May 30, 2022, and fully disabled this feature for Google Workspace (formerly G Suite) on February 15, 2021. All applications must now meet Google’s modern security standards, typically by using OAuth 2.0 or an App Password created under a Google account with 2-Step Verification (2FA) enabled.
What Does This Mean for You?
If you have an older application or device that needs to access your Gmail or Google Workspace account, you can no longer toggle “Allow Less Secure Apps” to make it work. Instead, you must do one of the following:
- Use OAuth 2.0 Sign-In: Most modern email or productivity apps (e.g., Outlook 365, Apple Mail on newer macOS versions, Thunderbird) support OAuth 2.0. You’ll be prompted to log in to your Google Account in a browser window instead of entering your Google password directly in the app.
- Enable 2-Step Verification and Create an App Password: If your application doesn’t support OAuth 2.0, you can still connect using a unique “App Password” if you have 2FA enabled.
- First, follow our guide: How to Enable 2-Step Verification in Your Google Account
- Then, Create an App Password and use that 16-character password in place of your normal Google password.
- Upgrade Your Application: If your app is too old to support OAuth 2.0 or App Passwords, you may need to upgrade to a newer version or switch to a modern app that meets Google’s security standards.
I Still Can’t Log In…
If you’ve enabled 2FA, created an App Password, or tried using OAuth and still can’t access your account, here are a few troubleshooting steps:
- Double-Check Credentials: Ensure you’re using the App Password (not your usual Google password) if your application doesn’t support OAuth 2.0.
- Check Application Updates: If you’re using an older version of Outlook or another email client, update to the latest release. Older apps often lack the up-to-date security protocols that Google requires.
Google Workspace Admins
For organizations using Google Workspace, Google enforces stricter policies to protect user data. The “Allow Less Secure Apps” toggle was fully removed on February 15, 2021. To enable older apps to function securely, you must guide your users to set up 2-Step Verification (2FA) and use App Passwords, or transition them to apps that support OAuth 2.0.
As a Google Workspace Admin, you can:
- Enforce 2-Step Verification Policies: Require all users to enable 2FA to maintain account security.
- Configure App Access Control: Under your Admin console’s Security settings, set policies allowing or blocking specific types of apps. “Less Secure Apps” are no longer an option.
- Encourage OAuth 2.0 Migration: Ensure any internal or third-party tools use OAuth 2.0 to connect with Google services (Gmail, Calendar, Contacts, etc.).
Conclusion
The old “Allow Less Secure Apps” switch is gone for both personal Gmail and Google Workspace. To continue using older applications or devices, you must enable 2-Step Verification and generate an App Password or upgrade to a service that supports OAuth 2.0. If you need more guidance, check out these resources:
By adopting these measures, you’ll ensure your Google account or Google Workspace environment remains both accessible and secure.
Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.
Thank you! finally worked after I turned on 2-step verification and created an app specific password. 🙂 Toggling on Less Secure Apps and unblocking was not enough on it’s own.
can please tell detaildetails
https://support.google.com/accounts/thread/99359149?hl=en&msgid=99360866
Thank you!
My ‘less secure ‘ application actually has multiple layers of password protection but doesn’t use recognised google security. Its a demo for a future system. Very frustrating when the demo fails like this,
> bullet point 4 saved the day I had been allowing access but had obviously been blocked looked eveywhere but this article got me going.
Thank you.
I am using gmail web client(non gsuite) to send mail through my gsuite id. (gmail/settings/accounts and import/Send mail as/add another e-mail address)
When I enable LSA in gsuite setting, it works. but the gmail web client is by google. right?
Ok well thank you very much for this but it didn’t work for me. But then again Im on an Ipad trying to use google stuff. UGH lol
Thankyou very much , it worked after hours of trying to get thunderbird to work .
thanks a lot, this is really helpful
After searching for hours your fix worked first time! Thanks
This worked for me.
“Allow less secure apps: OFF,” select the toggle switch to turn ON.
Can I keep my secure settings on but allow in one particular app that is safe instead of disabling my secure settings?
Thank you —
Can you confirm if application-specific passwords will still work after the June 2020 changes? Or does all third-party “less secure” apps have to implement some sort of oauth 2 feature, manage the refresh token, etc.? My thought is that they will work given you have to turn on 2-factor authentication… which eliminates the LSA option.
Hey, I had the same question. We’re you able to get an answer for this?
I was trying this a lot of time of configuring thunderbird portable. It kept giving me problem with username and password even after allowing less secure app. Finally i deleted the the thunderbird portable folder and reinstall it and configure it again (after allowing that option -less secure app). Now it works
If you don’t want to use 2factor auth, after Allowing less secure apps, you should also visit this before trying to access google account via third party: https://accounts.google.com/b/0/DisplayUnlockCaptcha
I had some issues with the security checks from Google. When you want to automate some tasks, manual verification can be a real headache. Thanks for the direct link to the Google Account option. Also, I have made a guide too with step by step images for turning on Less secure apps access.
I was having problems for 7 days on password between outlook 2013 and Gmail, and not able to receive or send. please help urgently. Thanks. Dr Jack Tan
Thanks. It saved me.
i dont know why, but
its not working
Supposedly it can take up to 24 hours for the setting to take effect. I found that when I changed the setting through Chrome on a Win 10 laptop it was just being ignored (was trying to restore Outlook access to a Gmail account that had been working fine for years and suddenly stopped because of this grossly stupid idea), but when I changed the setting via Android phone it took effect right away and I was able to reconnect Outlook on my laptop immediately.
After researching through various forums, KB articles, and working with Microsoft and Google support I was unable to complete a data migration from GMail to Outlook 365. THIS article resolved the issues I was dealing with. Wish I found it earlier… Thank you so much!
👍
Thanks
This worked perfectly for me! Much easier than the directions provided by Google.
Many Thanks!
JULY 2018
IF THE ABOVE DOESNT MATCH THE OPTIONS YOU HAVE READ BELOW:
While signed in/logged in to your Google account (important obviously) Click on your round profile circle on the right side of your browser.
Click on the blue button that says “Google account”
Click on the word “Sign-in & security” (with a blue lock icon on the left of the title)
Scroll down ALL the way, the last option is a toggle that says “Allow less secure apps: OFF” Toggle this option.
Does this link not bring you straight to that setting?
https://myaccount.google.com/lesssecureapps
Thank you.
Although we’re a long way down the road, your post from 2+ years ago took all MY guesswork out of the equation. That annoying ’email sign-in’ pop up is now a thing of the past.
Thank you finally got the problem resolved.
Appreciate it.
I am developing a powershell script that will use the send-mailmessage cmdlet to send a newsletter to a series of email addresses. This makes it more personal to the recipient than bcc-ing it to a distribution list, and also allows for some customization (i.e. the script will be able to insert the recipient’s first and last name).
I will run this script only on my own windows 10 computer, and the only other “apps” that I will explicitly use there to logon to google/gmail are the chrome browser. So far the only way I have found to make this work is to enable less secure apps temporarily. My question is this: what might the impact be of leaving that setting in place? I understand the setting is in my google account, so would be open to anyone on any device using any app to connect. But if they knew my google password, they could already login and enable less secure apps anyway.
So can you explain to me the risks of leaving that setting in the “ON” state?
Al, for best security practise, you should set up 2-Step Verification on your Google Account and then create an App Specific Password for Send-MailMessage. This way, if your app is ever compromised, the attacker only has the App Specific Password and cannot compromise your entire Google Account.
Thanks for the tip man, found myself in the same situation and this worked immediately and was easy to setup!
👍