This article is for administrators. For actions users can take, go to Less secure apps & your Google Account.
You can block sign-in attempts from some apps or devices that are less secure. Apps that are less secure don't use modern security standards, such as OAuth, so increasing the risk of accounts and devices being compromised. Block these apps and devices to improve data safety.
Examples of apps that don’t support modern security standards include:
- Native mail, contacts, and calendar sync applications on older versions of iOS and OSX
- Some computer mail clients, such as older versions of Microsoft Outlook
Examples of apps that do support modern security standards are Gmail, Windows Mail, Outlook from Microsoft 365 (desktop version), Outlook for Mac, Instagram, PayPal, Amazon, Facebook, and Basecamp.
Note: When 2-step Verification is turned on for an account, access to less secure apps is automatically disabled, unless users are in a configuration group that allows access to less secure apps. Go to Manage access to less secure apps below.
Transitioning to more secure app access to Google Accounts
Blocking sign-ins from less secure apps helps keep accounts safe. For these reasons, Google is limiting password-based programmatic sign-ins to Google Accounts.
The less secure apps enforcement setting is no longer available in the Admin console.
Even though the enforcement option has been removed, you can still allow users to turn on or off access to less secure apps on their individual accounts. Google will turn off the setting on individual accounts for users who stop using it. Users can turn it back on until the setting is removed.
As Google gradually ends less secure apps access to Google Accounts, you’ll receive email notifications about changes that affect you.
As the enforcement option is no longer available, we recommend turning off less secure apps access now. Start using alternatives to less secure apps as soon as possible.
- Use apps in your company that use OAuth 2.0 authentication. Deploy new applications or update your existing apps to support OAuth 2.0 for authentication.
- If some users can’t migrate to a more secure platform, they can use alternatives.
| Less secure app | Alternative |
|---|---|
| Apple Mail configured with POP3 |
Re-add your Google Account to Apple Mail and configure it to use IMAP with OAuth. This automatically initiates the connection with OAuth. |
| iOS Mail |
Continue using iOS Mail as long as you have iOS 6.0 or later. OAuth support is automatically included in iOS 6.0 and later when you add an account using the Google option. |
|
Outlook for Windows via |
Google Workspace Sync for Microsoft Outlook (GWSMO). |
| Mozilla Thunderbird |
Re-add your Google Account to Thunderbird and configure it to use IMAP with OAuth. This automatically initiates the connection with OAuth. |
|
Legacy office devices Examples: scanners and multifunctional printers that send email |
Continue using legacy office devices with SMTP. Other protocols (such as POP3 and IMAP) will be blocked unless they use OAuth. |
| Any other app | Request that the app developer update the app to use OAuth 2.0. |
Manage access to less secure apps
You can allow users to turn on or off access to less secure apps or disable their ability to allow less secure apps.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Security
Less secure apps.
- To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
- Select the setting for less secure apps:
-
Disable access to less secure apps (Recommended)
Users can’t turn on access to less secure apps.
When you disable access to less secure apps while a less secure app has an open connection with a user account, the app will time out when it tries to refresh the connection. Timeout periods vary per app. - Allow users to manage their access to less secure apps
Users can turn on or turn off access to less secure apps.
-
- Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.
Monitor accounts that allow less secure apps
Use accounts reports to see whether users can allow less secure apps to access their accounts. For details, read Accounts reports.
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
