Shubham Dixit, independent expert in email forensics and data file conversion

Reviewed by Shubham Dixit, Independent Expert in Email Forensics and Data File Conversion. Shubham is an external reviewer and not a PCDOTS employee.

Your email program suddenly cannot log into Gmail, and the old “allow less secure apps” switch is nowhere to be found. You are not doing anything wrong. Google removed that feature, on purpose, and it is not coming back. The good news is the replacements are better and the fix usually takes a couple of minutes.

Summary  Gmail less secure apps stopped working because Google retired the feature for security reasons. The modern fix is to use an app that signs in with Google over OAuth. If your app only takes a password, turn on 2-Step Verification and generate a Gmail app password to use in place of your normal one.

What actually happened to less secure apps?

Quick context, because it explains every fix below. The “less secure apps” setting let any program log into Gmail with just your email and password. Convenient, and also exactly how a stolen password let attackers straight into an inbox.

So Google turned the feature off for good. There is no toggle to switch it back on. Any guide telling you to re-enable less secure apps is out of date. The path forward is one of two modern methods, and which you need depends entirely on your app.

Shubham Dixit, Independent Email Forensics Expert

“Losing less secure apps was a good thing, even though it broke a lot of setups. A plain password handed to a desktop client is one leak away from a full account takeover. App passwords and OAuth both limit the blast radius, so treat this change as an upgrade you were going to need anyway, not just an inconvenience.”

Shubham Dixit · Independent Expert, Email Forensics and Data File Conversion

The proper fix: sign in with Google (OAuth)

If your email app is reasonably modern, it already supports the right method, and you do not need a password at all. Look for a Sign in with Google button when you add the account, instead of a plain password field.

  • Remove the failing Gmail account from your app, or start adding it fresh.
  • When prompted for the account type, choose the Google or OAuth option rather than a manual password setup.
  • A Google sign in window opens. Log in there and approve the access request.
  • The app connects without you ever typing your password into it.

This is the route Google wants you on, and it is the most secure. Recent versions of Outlook, Thunderbird, Apple Mail and most mobile mail apps all offer it. If yours does, use this and you are done. If your app is older and only has a password box, use the fallback below.

The fallback: a Gmail app password

For an app that can only take an email and password, Google offers app passwords. These are 16 character one off passwords tied to a single app, so a leak of one does not expose your whole account. They require 2-Step Verification first.

  • Go to your Google Account, open Security, and turn on 2-Step Verification if it is not already on.
  • Back in Security, open the App passwords page.
  • Enter a name for the app, for example your mail client’s name, and click Generate.
  • Copy the 16 character password Google shows you.
  • In your email app, paste this app password into the password field instead of your normal Gmail password.

One honest caveat for 2026. Google has been narrowing where app passwords are allowed, and some account types, especially managed Workspace accounts, may not offer them at all. If you do not see the App passwords option, your account is OAuth only, so go back to the Sign in with Google method above.

Still getting blocked? Check these

If neither method connects yet, one of these is usually the reason.

  • IMAP is off. In Gmail settings, under Forwarding and POP/IMAP, make sure IMAP access is enabled.
  • You used your normal password. With the fallback method, the app password is required. Your everyday password will keep failing.
  • 2-Step Verification is off. App passwords simply do not appear until 2-Step Verification is turned on.
  • A Workspace admin policy. On a work account, an administrator may have to allow the connection or the app entirely.

If you just want your Gmail out

Some people hit this wall while trying to back up or move their mail off Gmail, not just read it. If that is you, two options.

Google’s own free Google Takeout exports your full mailbox as an MBOX file, no third party access needed. For a more selective backup, or to save directly as PST, PDF or EML, the PCDOTS Email Converter connects with the same app password and lets you pick exactly which folders to keep. We walked through that wider Gmail move in the G Suite to Office 365 guide if you are switching platforms entirely.

People also ask

Can I still turn on less secure apps in Gmail?

No. Google permanently removed the less secure apps setting, so there is no way to re-enable it. Use Sign in with Google over OAuth, or generate an app password, depending on what your email app supports.

What is a Gmail app password and how do I get one?

An app password is a 16 character password tied to a single app, used in place of your normal Gmail password. Turn on 2-Step Verification, open the App passwords page in your Google Account security settings, generate one and paste it into your email app.

Why is my Gmail password not working in my email app?

Because Google no longer accepts your regular password from third party apps. You either sign in through the Google OAuth window or use a generated app password instead. The everyday password will keep being rejected.

I do not see the app passwords option. What now?

That usually means your account is set to OAuth only, common on managed Workspace accounts, or 2-Step Verification is off. Turn on 2-Step Verification first, and if the option still does not appear, use the Sign in with Google method instead.

Is using an app password safe?

Yes. An app password only works for the one app you created it for and can be revoked any time without changing your main password, so it is far safer than the old less secure apps setting it replaced.

One last thing

The end of less secure apps felt like Google breaking your setup, but it closed a real security hole. Pick the method that matches your app, OAuth if it is offered, an app password if it is not, and your mail connects again with a lot less risk attached. If the App passwords option is missing, that is Google telling you the account is OAuth only, not that something is broken.

Take two minutes now to switch the method over, and you will not have to think about this again.