Control access to less secure apps

This article is for administrators. For actions users can take, go to Less secure apps & your Google Account.

You can block sign-in attempts from some apps or devices that are less secure. Apps that are less secure don't use modern security standards, such as OAuth, so increasing the risk of accounts and devices being compromised. Block these apps and devices to improve data safety.

Examples of apps that don't support modern security standards include:

  • ​Native mail, contacts, and calendar sync applications on older versions of iOS and OSX​
  • ​Some computer mail clients, such as older versions of Microsoft Outlook

Examples of apps that do support modern security standards are Gmail, Windows Mail, Office 365, Outlook for Mac, Instagram, PayPal, Amazon, Facebook, and Basecamp.

Note:When 2-step Verification is turned on for an account, access to less secure apps is automatically disabled.

Transitioning to more secure app access to Google Accounts

Blocking sign-ins from less secure apps helps keep accounts safe. For these reasons, Google is limiting password-based programmatic sign-ins to Google Accounts.

If you allow sign-ins from less secure apps

Even though the enforcement option has been removed, you can still allow users to turn on or off access to less secure apps on their individual accounts. Google will turn off the setting on individual accounts for users who stop using it. Users can turn it back on until the setting is removed.

As Google gradually ends less secure apps access to Google Accounts, you'll receive email notifications about changes that affect you.

Use alternatives to less secure apps

As the enforcement option is no longer available, we recommend turning off less secure apps access now. Start using alternatives to less secure apps as soon as possible.

  • Use apps in your company that use OAuth 2.0 authentication. Deploy new applications or update your existing apps to support OAuth 2.0 for authentication.
  • If some users can't migrate to a more secure platform, they can use alternatives.
Less secure app Alternative
Apple Mail configured with POP3

Re-add your Google Account to Apple Mail and configure it to use IMAP with OAuth.

This automatically initiates the connection with OAuth.

iOS Mail

Continue using iOS Mail as long as you have iOS 6.0 or later.

OAuth support is automatically included in iOS 6.0 and later when you add an account using the Google option.

Outlook for Windows via
password-based POP or IMAP

Google Workspace Sync for Microsoft Outlook (GWSMO).
Web-based or latest version of Outlook.

About Google Workspace Sync for Microsoft Outlook

Mozilla Thunderbird

Re-add your Google Account to Thunderbird and configure it to use IMAP with OAuth.

This automatically initiates the connection with OAuth.

Legacy office devices

Examples: scanners and multifunctional printers that send email

Continue using legacy office devices with SMTP. Other protocols (such as POP3 and IMAP) will be blocked unless they use OAuth.
Any other app Request that the app developer update the app to use OAuth 2.0.

Manage access to less secure apps

You can allow users to turn on or off access to less secure apps or disable their ability to allow less secure apps.

  1. From the Admin console Home page, go to Security and then Less secure apps.

  2. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
  3. Select the setting for less secure apps:
    • Disable access to less secure apps  (Recommended)
      Users can't turn on access to less secure apps.
      When you disable access to less secure apps while a less secure app has an open connection with a user account, the app will time out when it tries to refresh the connection. Timeout periods vary per app.

    • Allow users to manage their access to less secure apps
      Users can turn on or turn off access to less secure apps.
  4. ClickSave.

Monitor accounts that allow less secure apps

Use accounts reports to see whether users can allow less secure apps to access their accounts. For details, read Accounts reports.


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?