Control access to less secure apps

This article is for administrators. For actions users can take, see Less secure apps & your Google Account.

You can block sign-in attempts from some apps or devices that are less secure. Apps that are less secure don't use modern security standards, such as OAuth. Using apps and devices that don’t use modern security standards increases the risk of accounts being compromised. Blocking these apps and devices helps keep your users and data safe.

Examples of apps that don’t support modern security standards include:

  • Native mail, contacts, and calendar sync applications on older versions of iPhone, iPad, and OS X
  • The mail application on Windows Phone versions earlier than 8.1
  • Some computer mail clients such as Microsoft Outlook and Mozilla Thunderbird

Examples of apps that do support modern security standards are Gmail, Instagram, PayPal, Amazon, Facebook, Windows Mail, and Basecamp.

Manage access to less secure apps

You can allow users to turn on or off access by less secure apps, disable their ability to allow less secure apps, or force users to always allow less secure apps.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Security and then Basic settings.

    To see Security on the Home page, you might have to click More controls at the bottom.

  3. Under Less secure apps, select Go to settings for less secure apps.

  4. On the left, select an organizational unit where you want to manage access to less secure apps.
    • If you don’t select an organizational unit, your setting applies to your entire top-level organization.
    • If you want an organizational unit to use the same setting as its parent organization, click Use Inherited on the top right.
  5. Select an option:
    • Disable access to less secure apps for all users (Recommended)
      Access to less secure apps is disabled for everyone. Users can’t turn on access to less secure apps.
      When you disable access to less-secure apps while a less-secure app has an open connection with a user account, the app will time out when it tries to refresh the connection. Timeout periods vary per app.
    • Allow users to manage their access to less secure apps
      Users can turn on or turn off access to less secure apps.
    • Enforce access to less secure apps for all users (Not recommended)
      Access to less secure apps is required for everyone. Users can’t turn off access to less secure apps.
      This option isn't recommended, because it potentially increases the exposure of user accounts to hijacking. Use this option only when you want to ensure that access by a less secure app is available to all users for a limited time, such as for an upgrade.
  6. On the bottom right, click Save.

Monitor accounts that allow less secure apps

Use Account Activity Reports to see whether users can allow less secure apps to access their accounts. On the toolbar, click Select columns to add the less secure apps status to the report.
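The same check can be scripted. The following is an added example, not part of the original article: it assumes the status has been pulled as JSON from the Admin SDK Reports API user usage report, where the `accounts:is_less_secure_apps_access_allowed` parameter carries it. The response layout and sample data below are constructed for illustration.

```python
import json

# Constructed sample shaped like an Admin SDK Reports API user usage response
# (assumed layout: usageReports[].entity.userEmail and parameters[].boolValue).
SAMPLE_REPORT = json.loads("""
{
  "usageReports": [
    {"date": "2024-01-15",
     "entity": {"type": "USER", "userEmail": "alice@example.com"},
     "parameters": [
       {"name": "accounts:is_less_secure_apps_access_allowed", "boolValue": true}]},
    {"date": "2024-01-15",
     "entity": {"type": "USER", "userEmail": "bob@example.com"},
     "parameters": [
       {"name": "accounts:is_less_secure_apps_access_allowed", "boolValue": false}]},
    {"date": "2024-01-15",
     "entity": {"type": "USER", "userEmail": "carol@example.com"},
     "parameters": []}
  ]
}
""")

LSA_PARAM = "accounts:is_less_secure_apps_access_allowed"


def classify_lsa_status(report):
    """Sort users into allowed / blocked / unknown by less secure apps status."""
    result = {"allowed": [], "blocked": [], "unknown": []}
    for row in report.get("usageReports", []):
        email = row.get("entity", {}).get("userEmail")
        if not email:
            continue  # skip non-user or malformed rows
        params = {p.get("name"): p for p in row.get("parameters", [])}
        value = params.get(LSA_PARAM, {}).get("boolValue")
        if value is True:
            result["allowed"].append(email)
        elif value is False:
            result["blocked"].append(email)
        else:
            # Parameter missing from the row: report as unknown, never as blocked.
            result["unknown"].append(email)
    return {status: sorted(users) for status, users in result.items()}


if __name__ == "__main__":
    for status, users in classify_lsa_status(SAMPLE_REPORT).items():
        print(f"{status}: {', '.join(users) or '-'}")
```

Users listed under "unknown" had no status in the report row and should be rechecked rather than treated as blocked.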

 
