This article is for administrators. For actions users can take, go to Less secure apps & your Google Account.
Starting in January 2025, Google Workspace accounts will no longer support less secure apps, third-party apps or devices that ask you to sign in to your Google Account using only your username and password. For exact dates, visit Google Workspace Updates. To access apps, you must use OAuth. To prepare for this change, review the details in Transition from less secure apps to OAuth.
You can block sign-in attempts from some apps or devices that are less secure. Apps that are less secure don't use modern security standards, such as OAuth, increasing the risk of accounts and devices being compromised. Block these apps and devices to improve data safety.
Examples of apps that don’t support modern security standards include:
- Native mail, contacts, and calendar sync applications on older versions of iOS and OSX
- Some computer mail clients, such as older versions of Microsoft Outlook
Examples of apps that do support modern security standards are Gmail, Windows Mail, Outlook from Microsoft 365 (desktop version), Outlook for Mac, Instagram, PayPal, Amazon, Facebook, and Basecamp.
Note: When 2-step Verification is turned on for an account, access to less secure apps is automatically disabled, unless users are in a configuration group that allows access to less secure apps. Go to Manage access to less secure apps below.
Transitioning to more secure app access to Google Accounts
Blocking sign-ins from less secure apps helps keep accounts safe. For these reasons, Google is limiting password-based programmatic sign-ins to Google Accounts.
The less secure apps enforcement setting is no longer available in the Admin console.
Even though the enforcement option has been removed, you can still allow users to turn on or off access to less secure apps on their individual accounts. Google will turn off the setting on individual accounts for users who stop using it. Users can turn it back on until the setting is removed.
As Google gradually ends less secure apps access to Google Accounts, you’ll receive email notifications about changes that affect you.
As the enforcement option is no longer available, we recommend turning off less secure apps access now. Start using alternatives to less secure apps as soon as possible.
- Use apps in your company that use OAuth 2.0 authentication. Deploy new applications or update your existing apps to support OAuth 2.0 for authentication.
- If some users can’t migrate to a more secure platform, they can use alternatives.
Less secure app | Alternative |
---|---|
Apple Mail configured with POP3 |
Re-add your Google Account to Apple Mail and configure it to use IMAP with OAuth. This automatically initiates the connection with OAuth. |
iOS Mail |
Continue using iOS Mail as long as you have iOS 6.0 or later. OAuth support is automatically included in iOS 6.0 and later when you add an account using the Google option. |
Outlook for Windows via |
Google Workspace Sync for Microsoft Outlook (GWSMO). |
Mozilla Thunderbird |
Re-add your Google Account to Thunderbird and configure it to use IMAP with OAuth. This automatically initiates the connection with OAuth. |
Office devices Examples: scanners and multifunctional printers that send email |
To continue using office devices with SMTP, IMAP and POP3 protocols, either configure them to use OAuth or create an app password for use with the device. |
Any other app | Request that the app developer update the app to use OAuth 2.0. |
Manage access to less secure apps
Watch the video
Manage access to less secure apps
To manage a user’s access to less secure apps
You can allow users to turn on or off access to less secure apps or disable their access to less secure apps.
Before you begin: If needed, learn how to apply the setting to a department or group.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu SecurityAccess and data controlLess secure apps.
-
(Optional) To apply the setting only to some users, at the side, select an organizational unit (often used for departments) or configuration group (advanced). Show me how
Group settings override organizational units. Learn more
- Select the setting for less secure apps:
-
Disable access to less secure apps (Recommended)
Users can’t turn on access to less secure apps. If you select this option while a less secure app already has an open connection with a user account, the app will time out when it tries to refresh the connection. Timeout periods vary per app. - Allow users to manage their access to less secure apps
Users can turn on or off access to less secure apps.
-
-
Click Save. Or, you might click Override for an organizational unit.
To later restore the inherited value, click Inherit.
Monitor accounts that allow less secure apps
Use accounts reports to see whether users can allow less secure apps to access their accounts. For details, read Accounts reports.
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.