Control access to less secure apps

This article is for administrators. For actions users can take, go to Less secure apps & your Google Account.

Starting in January 2025, Google Workspace accounts will no longer support less secure apps, third-party apps or devices that ask you to sign in to your Google Account using only your username and password. For exact dates, visit Google Workspace Updates. To access apps, you must use OAuth. To prepare for this change, review the details in Transition from less secure apps to OAuth.  

You can block sign-in attempts from some apps or devices that are less secure. Apps that are less secure don't use modern security standards, such as OAuth, increasing the risk of accounts and devices being compromised. Block these apps and devices to improve data safety.

Examples of apps that don’t support modern security standards include:

  • ​Native mail, contacts, and calendar sync applications on older versions of iOS and OSX​
  • ​Some computer mail clients, such as older versions of Microsoft Outlook

Examples of apps that do support modern security standards are Gmail, Windows Mail, Outlook from Microsoft 365 (desktop version), Outlook for Mac, Instagram, PayPal, Amazon, Facebook, and Basecamp.

Note: When 2-step Verification is turned on for an account, access to less secure apps is automatically disabled, unless users are in a configuration group that allows access to less secure apps. Go to Manage access to less secure apps below.

Transitioning to more secure app access to Google Accounts

Blocking sign-ins from less secure apps helps keep accounts safe. For these reasons, Google is limiting password-based programmatic sign-ins to Google Accounts.

Expand all  |  Collapse all

Notice of setting removal

The less secure apps enforcement setting is no longer available in the Admin console.

If you allow sign-ins from less secure apps

Even though the enforcement option has been removed, you can still allow users to turn on or off access to less secure apps on their individual accounts. Google will turn off the setting on individual accounts for users who stop using it. Users can turn it back on until the setting is removed.

As Google gradually ends less secure apps access to Google Accounts, you’ll receive email notifications about changes that affect you.

Use alternatives to less secure apps

As the enforcement option is no longer available, we recommend turning off less secure apps access now. Start using alternatives to less secure apps as soon as possible.

  • Use apps in your company that use OAuth 2.0 authentication. Deploy new applications or update your existing apps to support OAuth 2.0 for authentication.
  • If some users can’t migrate to a more secure platform, they can use alternatives.
Less secure app Alternative
Apple Mail configured with POP3

Re-add your Google Account to Apple Mail and configure it to use IMAP with OAuth.

This automatically initiates the connection with OAuth.

iOS Mail

Continue using iOS Mail as long as you have iOS 6.0 or later.

OAuth support is automatically included in iOS 6.0 and later when you add an account using the Google option.

Outlook for Windows via
password-based POP or IMAP

Google Workspace Sync for Microsoft Outlook (GWSMO).
Web-based or latest version of Outlook.

About Google Workspace Sync for Microsoft Outlook

Mozilla Thunderbird

Re-add your Google Account to Thunderbird and configure it to use IMAP with OAuth.

This automatically initiates the connection with OAuth.

Office devices

Examples: scanners and multifunctional printers that send email

To continue using office devices with SMTP, IMAP and POP3 protocols, either configure them to use OAuth or create an app password for use with the device.
Any other app Request that the app developer update the app to use OAuth 2.0.

Manage access to less secure apps

Watch the video

Manage access to less secure apps

To manage a user’s access to less secure apps

You can allow users to turn on or off access to less secure apps or disable their access to less secure apps.

Before you begin: If needed, learn how to apply the setting to a department or group.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to  Menu and then Securityand thenAccess and data controland thenLess secure apps.
  3. (Optional) To apply the setting only to some users, at the side, select an organizational unit (often used for departments) or configuration group (advanced). Show me how

    Group settings override organizational units. Learn more

  4. Select the setting for less secure apps:
    • Disable access to less secure apps (Recommended)
      Users can’t turn on access to less secure apps. If you select this option while a less secure app already has an open connection with a user account, the app will time out when it tries to refresh the connection. Timeout periods vary per app.

    • Allow users to manage their access to less secure apps
      Users can turn on or off access to less secure apps.
  5. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit

Monitor accounts that allow less secure apps

Use accounts reports to see whether users can allow less secure apps to access their accounts. For details, read Accounts reports.


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Main menu
9038731491751130918
true
Search Help Center
true
true
true
true
true
73010
false
false