Giving Less Secure Email Apps Access to Gmail

Older email apps may not meet Google's security requirements

Locked smartphone line drawing superimposed over settings gears

Alpesh Ambalal Patel/Getty Images

Gmail allows email clients to access your account using POP and IMAP, two protocols most clients and email systems support. However, for greater security, Google blocks connections from email clients that do not meet its minimum security requirements. If your email program is below these minimums, you have a couple options available to you.

One possibility is updating your mail client software. For example, the Mail app on iPads and iPhones with iOS version 6 or earlier is not secure enough to access Gmail. You can update your device's software to the latest version, which will include an updated Mail app compatible with Gmail security.

The safest and most secure solution is to update your app or email software if that software's latest version meets Google's security requirements.

Another option — and this one is not recommended by Google as it weakens Gmail's security with respect to your account — is to change the settings in your Gmail account to allow less secure apps access to it. For some situations, this step may be necessary, so having the option to do this is convenient but a bit risky.

Gmail accounts with 2-Step Verification enabled cannot be set to basic authentication that allows less secure apps to connect.

How to Give Less Secure Apps Access to Gmail

Follow these simple steps to set your Gmail account to basic authentication, which allows less secure apps and email clients to connect to your Gmail account through IMAP or POP.

  1. Click your profile image in the top right corner of the Gmail page.

  2. Click the Google Account button.

  3. Click the Sign-in & Security link.

  4. Scroll down to the App with account access section.

  5. Click the switch next to Allow less secure apps so that it is set to ON.

Gmail's Security

Gmail allows email programs and add-ons to securely access your messages, labels, and contacts by using OAuth. This method ensures that the email client never receives nor stores your Gmail password. OAuth also allows you to restrict access to certain data that is accessible or to completely revoke access to individual apps as you like and at any time.

Switching to the basic security settings and allowing less secure apps to access your Gmail account brings traditional plain-text password authentication into play, which is inherently less secure. You give your password to the email app (which may store it in an unsecured fashion, though most apps do take care to securely save passwords), and your password may be sent over the internet in plain text, which is susceptible to outsiders who are given to password snooping. Basic authentication also doesn't give you the ability to control access in a fine-tuned, app-specific way that Gmail's enhanced security allows.