Allowing Less Secure Email Programs Access to Gmail

Older email apps might not meet Google's security requirements

Google's Gmail allows other email clients to access your account using POP and IMAP, two protocols most clients and email systems support. For security, however, Google blocks connections from email clients that do not meet its minimum security requirements. If your email program is below these minimums, you have a couple options.

One possibility is updating your mail client software. For example, the Mail app on iPads and iPhones with iOS version 6 or earlier is not secure enough to access Gmail. Update your device's software to the latest version, which will include an updated Mail app compatible with Gmail security.

The safest, most secure solution is to update your app or email software if its latest version meets Google's security requirements.

Another option—which Google does not recommend because it weakens the security of your account—is to change the settings in your Gmail account to allow less secure apps access to it. For some situations, this step may be necessary, so having this option is convenient if a bit risky.

Gmail accounts with two-step verification enabled cannot be set to basic authentication that allows less secure apps to connect.

How to Give Less Secure Apps Access to Gmail

Follow these simple steps to set your Gmail account to basic authentication, which allows less secure apps and email clients to connect to your Gmail account through IMAP or POP.

  1. Click your profile image in the top right corner of the Gmail page.

  2. Click Google Account.

    A screenshot of Gmail with the Google Account button highlighted
  3. Click Security.

    A screenshot of a Google Account page with the Security tab highlighted
  4. Scroll down to Less secure app access and click Turn on access.

    A screenshot of Google's Security page with the "Turn on access" command highlighted

Gmail's Security

Gmail allows email programs and add-ons to access your messages, labels, and contacts securely by using OAuth. This method ensures that the email client never receives nor stores your Gmail password. OAuth also allows you to restrict access to certain data or to completely revoke access to individual apps as you like and at any time.

Switching to the basic security settings and allowing less secure apps to access your Gmail account brings traditional plain-text password authentication into play, which is inherently less secure. You give your password to the email app (which may store it in an unsecured fashion, though most apps do take care to save passwords securely), and your password may be sent over the internet in plain text; this makes it vulnerable to outsiders who are given to password snooping. Basic authentication also doesn't give you the ability to control access in the fine-tuned, app-specific way that Gmail's enhanced security allows.

Was this page helpful?