It’s all about protecting your Google account.
What was once optional and something you could bypass with a setting in your Google account is about to become mandatory.
So called “less secure apps” will no longer be able to access your Gmail.
That might be a problem if you’re not prepared.
Become a Patron of Ask Leo! and go ad-free!
Less secure app access
Signing in to your Google account from an email program with just a username and password will soon stop working. Your alternatives are:
- Move to a new authentication approach, either handled automatically by your email program or by re-creating your email account in that program.
- Set up two-factor authentication and use an app password.
- Switch to using Gmail’s web interface.
Less secure apps
A “less secure app” is an app or program that accesses your Google Mail account using your email address (or a username) and your account password.
They are less secure not only because they offer no opportunity for additional security, like two-factor authentication, but also because Google has to implicitly rely on the security of the app itself. Are they handling your credentials securely? There’s no way to know. And if they’re not, your entire Google account is at risk.
So if you had to provide your email address and password to your email program when you configured it to access your Gmail account, that will stop working once less secure apps are denied after May 30.
The preferred solution
Fortunately, most modern email applications already support the preferred alternative. Using this alternative authentication method, the email program itself never sees your username or password (though of course they see the email address). Instead, when it comes time to authenticate, they ask the service being used to authenticate directly.
In the example above, I’m adding a Google Mail account to the Mail program in Windows 11. The Mail program hands off the job of authenticating to Google. While the Mail program is pictured in the background, the “Sign in with Google” dialog box on top of it is being managed by Google. When I sign in to the account, only Google sees my credentials.
Once I’ve signed in successfully, Google gives the Mail program a secure token that says in effect, “Yup, this account has been authorized.” The Mail program saves that token and uses it in all future requests.
Besides not requiring the program to know or store your password, this approach also allows you to use two-factor authentication, if required, when you set up the account.
Of course, your email program must support this type of authentication.
An alternate solution
If your email program is incapable of using this new approach to authentication, there is a possible workaround.
- Enable two-factor authentication.
- Use an app password.
App passwords are passwords created by Google that you can use in place of your normal password when configuring your email program. They’re available only when two-factor authentication is enabled for your account.
After enabling two-factor, you can have Google create app passwords here: myaccount.google.com/apppasswords. These passwords will not work for interactive logins, such as when you log in to Gmail.com to check your email, but they do work for POP3, IMAP, and SMTP access as used by your email program.
Once the change is made, your email program will no longer be able to fetch or send email. The question is what you do about it.
- The email program may provide you with Google’s new preferred authentication dialog, and after signing in, you’ll simply be able to carry on.
- The email program may prompt you for your password over and over again. Your account password will not work, but if you have two-factor turned on, an app password should.
- You may need to re-create or re-setup the account in the email program from scratch.
The app password approach is probably the easiest, but it’ll require you to set up two-factor authentication.
If you don’t want to use two-factor authentication and your current email program doesn’t support the new approach to authentication, then you’ll have to upgrade to an email program that does…
…or switch to managing your Google Mail via the web interface. Even this isn’t really a solution, however, since you still want an use an email program to downloading your email as a backup.
If you currently use Google Mail in an email program like Thunderbird, Microsoft Office Outlook, the Mail program included in Windows, or other third-party email programs, or if you have another email service like Yahoo or Outlook.com “fetch” your Google email using POP3, you’ll need to make a change for that to continue to work. Exactly what your options are depends on your email program.
But if that program suddenly starts failing to access your Gmail account or begins repeatedly asking you for a password, you now know what to do.
Subscribe to Confident Computing to stay on top of other changes as well. Less frustration and more confidence, solutions, answers, and tips in your inbox every week.