Your Gmail May Stop Working on 5/30/2022 When Google Removes the "Less secure apps" Option
The Problem
Google recently announced that starting 5/30/2022, in an effort to further increase the security of their email system, they will remove the "Less secure apps" option from consumer (free) Gmail accounts in an effort to block the use of older, less-secure third-party apps or devices.
Their new approach is called "Sign in with Google," which is based on the OAuth 2.0 security protocol.
This change only affects you if:
- 2-Step Verification is OFF in your Gmail account,
- and the "Less secure apps" option is ON,
- and you rely upon an older email program in your computer (or an older iPhone/iPad/Android app in your mobile device) to access your Gmail messages.
If your ability to use Gmail stops working soon after 5/30/2022, then the removal of that "Less secure apps" option is one likely explanation, especially if you're getting an "incorrect password" error and you're sure that you've entered the correct password.
This deadline does not apply to commercial (paid) Google Workspace accounts (previously known as Google Apps), but at some point in the future Google will announce a separate deadline for such accounts.
If you don't have a Gmail account then this issue does not directly affect you, but if you know someone who does, then you might suggest that they read this or research this issue on their own. See "Where to go from here" below for suggested searches that can help.
And as always, if this is too complicated or confusing for you to deal with on your own, I recommend that you ask someone that you know and trust to help you.
Background
Back in 2014, Google added the "Less secure apps" option to Gmail's account settings in order to improve security. Since then, this has meant that:
- If you use a third-party email program (like Microsoft Outlook, Apple Mail, Thunderbird, etc., not written by Google) or a generic mobile email app like "Mail," then you have to turn that "Less secure apps" option ON in order to send or receive messages through your Gmail account. Otherwise, you'll get a (misleading) "incorrect password" error and be unable to access your email.
- However, if you access your Gmail messages by going to the http://www.gmail.com website in your web browser (Google Chrome, Mozilla Firefox, Microsoft Edge or Internet Explorer, Safari, etc.), or you use the free Gmail app in your mobile device, then you don't have to worry about the "Less secure apps" option since you're using software written by Google.
- Also, if you're using 2-Step Verification in your Gmail account (Google's term for two-factor authentication) and you're currently able to access your Gmail messages, then the "Less secure apps" option doesn't affect you, either.
Note that Outlook is part of the Microsoft Office Home & Business package (not the Home & Student package) which you can buy as a one-time purchase, or as part of a Microsoft 365 home or business subscription (formerly known as Office 365).
Where is the "Less secure apps" option?
You can find the "Less secure apps" option as follows:
You won't see this option if you have enabled "2-Step Verification," or if you have a paid or large-organization account, or after 5/30/2022.
If you're currently able to access your email and the "Less secure apps" option is OFF in your Google account, then you won't be affected by this change.
Where to start if you are (or might be) affected by the removal of Gmail's "Less secure apps" security option
Start by making a list of the third-party programs (not written by Google) that you use which access your Google account, including:
- Computer: Which program (not written by Google) do you use to access your email? Popular ones include Microsoft Outlook, Apple Mail, Thunderbird, etc. Skip this step if you use a web browser to access your email.
- Mobile: Which iPhone, iPad, or Android app (not written by Google) do you use to access your email? The most likely generic one is called "Mail" on iOS and Android. Do not include the Gmail app.
- Computer: Do you use a backup program with an "email notification" option to notify you (through your Gmail account) whether each backup succeeded or failed? Popular programs with that feature include Macrium Reflect and Acronis True Image on Microsoft Windows, Carbon Copy Cloner and Super Duper on Macintosh. Time Machine on Macintosh does not offer email notification.
- Computer or Mobile: Do you use any other programs or apps that need access into your Gmail or Google account? That could include email add-on software, games that you play on a mobile device, web browser add-ons, plug-ins, or extensions, or apps that need access to your Google Calendar, Google Drive, Contacts, etc.
Then, for each computer program and mobile app you've identified above:
- Find out if the version you're currently using already supports the new "Sign in with Google" option. Some software companies use more obscure technical terms like "OAuth 2.0 email authentication for Gmail," "Google OAuth 2.0 Security," etc.
- If it doesn't, is there a newer version that does? Is that newer version that's compatible with your current computer or mobile device? What are the pros and cons of upgrading?
For example:
- Microsoft Outlook 2016 or earlier does not support "Sign in with Google," but Outlook 2019 or later does. If you have a Microsoft 365 subscription, you probably already have the latest version of Outlook.
- The backup program Macrium Reflect v7's email notification feature does not support "Sign in with Google," but Reflect v8 does.
What to do next
Once you have identified which programs and apps are affected by this change, for each program you have two choices:
If you want to continue using an older program or app that does not support "Sign in with Google" (OAuth 2.0):
- You will first have to turn on 2-Step Verification in your Google account. You will have to supply either a cell phone number or a landline; an alternate email address is not supported. Do not use a Google Voice number; since Google Voice is part of your Google account, you wouldn't be able to sign in to get that verification code because you would be required to enter that code first in order to sign in.
- Next, go into your Google account's security settings and generate an "app password" for that older program. Write it down (or copy and paste it) carefully, because you will never see it again. Note that you can only use it once (e.g., if you have multiple programs to authorize, you'll have to generate multiple app passwords), and if you change your Gmail account password, all of your previously-generated app passwords will become invalid.
- Then you would go into the settings in that older program and replace your regular Gmail email password with that generated app password. Note that some email programs and mobile apps require you to enter your email password in multiple places, typically one for incoming email and another for outgoing.
That should authorize your older program to access your Gmail.
If you can upgrade to a newer version that does support "Sign in with Google," you'll then need to find out:
- Is that newer version free, or is there an upgrade fee, or do you have to pay the regular price to purchase it?
- What's involved in moving to that newer version? How can you preserve all of your data and settings? For example, an email program typically has messages in various folders (Inbox, Sent, Drafts, etc.), contacts, and various settings for your incoming and outgoing servers, signatures, etc.
- Once you understand what's involved, you could choose to upgrade to that newer version.
If you have trouble researching this on your own, I suggest you contact the program's developer, or ask someone that you know and trust to help you.
Where to go from here
-
http://support.google.com/accounts/answer/6010255 - "Less secure apps & your Google Account"
- google: gmail "less secure apps"
- Where X is the name of the program or app that will need access into your Gmail account, google: X "sign in with google" OR "oauth 2.0"
- google: gmail generate app password
- google: gmail 2-step verification