How to Allow Gmail Access for Less Secure Email Programs or Services
To enable ’less secure apps’ email programs to access Gmail if your account is not set to use multi-factor authentication:
How to Generate an App Password
With multi-factor authentication activated, you’ll need to confirm account activities like logins and account changes with both a username-and-password credential as well as either a code generated by an app or a text message, or a hardware token. With multi-factor authentication active, you cannot enable the “less secure access” feature, becuase that feature still uses your Google Account password. Instead, you’ll need an app password, which is a single-use, revocable credential you’ll use with a single program or service. To generate an app password:
Google’s Approach to App Security
Gmail insists that you avoid common security gaps that lead to compromised accounts. This secure-by-design approach prevents you from choosing less-protected approaches to email management that seem convenient but open your account to additional security holes. Available apps include Mail, Calendar, Contacts, YouTube, and Other. When you select an app, you’re describing for your own benefit what you’re doing, so that if you generate a long list of app passwords and you need to revoke one, it’ll be easier to find the relevant account. Available devices include iPhone, iPad, BlackBerry, Mac, Windows Phone, Windows Computer, and Other. If you select Other, you’ll be prompted to free-text the app and device. Specifying an app and a device does not constrain the account access — a device using an app password still has full access to your Google Account. Google deems an app “less secure” if the app cannot be easily disconnected from your Google Account, cannot connect using an app-specific password, cannot be limited to what data it accesses from your account, and refuses to disclose the level of access the app requires when you connect to it. By default, apps that fail Google’s criteria cannot connect to your Google Account, including to Gmail. You can, however, bypass this security setting with a configuration tweak within your Google Account.