If an app or device needs access to any part of your Google account — like your Gmail — it has two options. The first is to use an OAuth token, which allows you to log in without transferring any username or password data. The second is to log in directly to your G Suite account with username and password. Google considers this second type of app to be “less secure apps.”
Google limits the ability of “less secure apps,” or LSAs, to connect to things like Gmail. This means that with certain apps, like older versions of Outlook, some IMAP email clients and CalDV calendars, you won’t be able to log in to Gmail — at least, not with default settings.
Right now, you can keep using these less secure apps with a quick change to your G Suite settings.
To enable access to less secure apps on your Google account, follow these steps:
You should be able to log in to your Gmail account from the less secure app now. You may need to complete a display captcha before you can connect.
In some cases, however, allowing LSAs won’t be enough to log in with one of these apps.
If your account has two-step verification enabled, you’ll need to follow these steps, instead:
Typically, you’ll only need to enter the App Password once or twice for a device.
If your account is managed by an administrator — which is common for work or organizational accounts — your administrator may have disabled access to less secure apps. In this case, changing the setting on your account won’t be enough to enable app access.
In 2019, Google announced that the company would eventually ban less secure apps from connecting to G suite accounts altogether. Originally, Google planned to limit app access starting on June 15, then completely block less secure apps starting in February 2021.
In March 2020, however, Google announced that it would be delaying the phase-out indefinitely, primarily due to the impact of COVID-19 on app developers.
For the moment, you can still connect less secure app access to Gmail. However, you can’t plan on that always being the case
If you use an app that is less secure, you should plan to upgrade. For some apps, like older versions of Outlook, a quick update may be enough to solve this problem. For others, you may need to wait for an update or switch to an app that is considered secure by Google.
Devices that use less secure sign-in will probably be safer than apps. Some scanners, for example, use “less secure” sign-in methods to log-in to email accounts and send finished scans.
According to Google’s 2019 blog post, scanners that use simple mail transfer protocol (SMTP) or LSAs to send emails will continue to work, even after the phase-out. Google does, however, recommend you find a scanner that uses OAuth if you upgrade.
