How to keep IMAP access to gmail after May 30?

Question

Google has been kind enough to give lots of advance notice that it will stop providing "Less secure app access" to third party applications (image of email below). I use Outlook 2013 and 2019 (desktop app, not Office 365) to access gmail via IMAP. The email also advised that I need to upgrade to Outlook 2019.

I just did a test by turning off "Less secure app access". Neither Outlook 2013 nor 2019 is able to access Gmail's IMAP servers. I have been unable to find the details of what specific things make access "less secure" so that I can try to redress the problem.

What do I have to do to make Outlook 2019 work without "Less secure app access"? Do I have to choose a different encryption? This question applies to Outlook 2019 on my home laptop.

Even if you don't want to share details about how you did it, it would be useful to know whether anyone has made this work (for Outlook 2019 desktop app, not as part of Office 365).

Even if you had to move to a paid Gmail account to get this to work, thanks if you can share this fact, and (only if you like), the details behind the procedure.

Can I do the same with Outlook 2013? If not, this presents a problem. It is on a work laptop, and I don't believe that I am free to install my own commercial software on it. Normally, work laptops connect to Exchange servers behind a firewall. This particular laptop is meant to be used outside of the firewall, so it uses IMAP to connect to gmail.

For the work laptop, even if I could upgrade to Outlook 2019, there is the additional problem that Outlook 2019 seems to work much, much more slowly and less reliably than 2013. At least that's been my experience - though it could be due to the lesser horse power on my home laptop.

Things tried #1

I first disallowed less secure apps.

As per one a comment in one of the answers, I followed page "Set up Gmail with a third-party email client". The relevant section seemed to be:

Set up Gmail with Microsoft Outlook
- Set up Gmail with Outlook on a PC

Therein, I followed a link to "Add a Gmail account to Outlook for Windows". As shown there, I chose File -> Add Account. Thereafter, I tried the non-manual (automatic) setup:

It failed:

Things tried #2

I then tried the manual setup without Secure Password Authentication (SPA):

It's obvious now that the reason for the failure of the automatic setup is that "automatic" means O365 speifically. After entering the fields for IMAP as shown, I clicked on "More settings":

The above settings are consistent with the page Check Gmail through other email platforms, section "Step 2: Change SMTP & other settings in your email client".

However, the connection to IMAP and SMPT servers for incoming and outgoing email still failed:

So my attempts to set up Oauth2 using "manual" setup of the Outlook client also failed.

Things tried #3

I thought I could try the non-manual setup again, but first enabling Oauth2 on the server side. I then followed Recommendations for setting up IMAP. However, the procedure requires login at admin.google.com, which "is used for Google Workspace[/Cloud] accounts only" (formerly called G Suite). This is explained a bit here and slightly better here.

This is a personal email account, so I don't have Google Workspace. I looked to see if it can be gotten free, but while one might be able to get a similar effect with a free account, I doubt that you will actually get a Google Workspace account.

Things tried #4

Following suggestions, I tried manual setup with Secure Password Authentication (SPA). Less secure apps was enabled for all these tests.

For "Internet Email Settings" (i.e., "More settings"), I tried 3 configuration:

SMTP settings mirror IMAP settings
Custom SMTP settings, but with same User Name, Password, and SPA settings as IMAP
Custom SMTP settings, but with SPA disabled

In all cases, connection to SMTP failed because the encryption isn't supported. No details about what exactly isn't supported or what is supported.

Things tried #5

In response to another comment, I specified an SMTP port of 465 for SSL/TLS. Here are the settings:

With “Less secure apps” access allowed, the settings as shown above work for Outlook 2019.
Additionally, in the “POP and IMAP account settings panel, requiring SPA worked
Additionally, in the “Internet Email Settings” panel, in the “Outgoing Server” tab, requiring SPA worked
With “Less secure apps” access disabled, however, the server rejected the logon, and said I should verify my user name and password
This didn’t matter whether SPA was required in both of the above checkboxes, either one of them, or neither of them
On Outlook 2016, the encryption options were a bit different. There is no combined "SSL/TLS"; they are separate options. Port 465 required that SSL be chosen, and it didn't work if TLS is chosen. Since TLS is an improvement on TLS, I wanted to use that, and I had to specify port 587 for it to work. Of course, it only works when "Less secure apps" access is enabled, in which case it didn't matter which of the SPA checkboxes were checked.

Things tried #6

After re-reading the posted answer about modifying the registry to enable Oauth2, I tried the following for Outlook 2019. I used regedit to navigate to HKCU:\Software\Microsoft\Office\16.0\Common\Identity. Note that in Outlook 2019, I had 16.0, not 15.0. I created a DWORD EnableADAL and set it to 1. I started Outlook and tried to set the encryption. I did not have Oauth2 in the pulldown list, or anything like it. What I saw that was new was an Auto encryption.

According to this page, Auto tries the other encryption options, from most to least secure. Unfortunately, Oauth2 isn't among the "other" options. Even if it was, however, Auto is a dangerous setting because it creates the possibility of connecting with no encryption, as described in the aforementioned link.

This was tried on Outlook 2019. I find it very odd that Oauth2 is unavailable because the Google message about dropping less secure apps access after May 30 (above) explicitly suggests Outlook 2019 as a solution.

Conclusion

I could be wrong, as I'm not an IT person, but if the problem lies in Things tried #3, then it looks as if, come May 30, the need for Oauth2 will leave the free account users behind. Unless one is only going to access mail via a browser, one will need to move to a business account. :(

Could you provide us with a link to where you found the information that gmail will stop to allow imap access in the first place? I just did a quick google search and did not find anything pointing at this kind of news. — DarkDiamond, Mar 05 '22 at 05:42
That's the problem. It said "less secure", not IMAP. Disabling access by less secure apps prevented Outlook from connecting to the IMAP server, but I'm sure that it's not the only app that will be impacted, and it won't just be IMAP access. However, I am most concerned about IMAP, so that's what I'm asking about. Swimming through the Google pages about this, I found that they are not very specific about this. I posted an image of the email notification about stopping access by less secure apps. — user2153235, Mar 05 '22 at 06:11
Reading the link from @HyperOdes strongly implies that it will disable IMAP, as IMAP only requires a username and password (and server IP address, but that is impliend) — davidgo, Mar 05 '22 at 08:26
The warning email above says that Outlook 2019 should be fine. My experience is that it was not fine when I disallowed less secure apps. There must be a "technical setting" (I assume) to make it not less secure. And hopefully, it will work with Outlook 2013 as well, otherwise I'm up the creek (probably with many others). — user2153235, Mar 05 '22 at 16:38
@davidgo Not sure if I interpret your comment correctly, but IMAP is not limited to username/password, modern mail clients and server also support oAuth authentication. — Robert, Mar 05 '22 at 21:17
@HyperOdes wrote an answer which was deleted (and indeed is more appropriate as a comment), but had a useful link which helps show the problem - He wrote I got the same message, but for SMTP on my Outlook 2016. Here's a Link to Google page: https://support.google.com/accounts/answer/6010255?hl=en — davidgo, Mar 05 '22 at 23:11
An app password should do it, but you'll have to try it yourself. You should be using app passwords either way. Just make sure you use SSL/TLS when accessing POP3, IMAP and SMTP servers. — Daniel B, Mar 07 '22 at 16:51
Just from looking at your screenshots, one thing you have missed for sure is: on the "manual setup" page, the "Require Logon using Secure Password Authentication" needs to be checked. Moreover, read the accepted answer on [this Thread](https://support.google.com/mail/thread/50489857/cannot-set-up-outlook-to-connect-to-gmail-account?hl=en) and use the googlemail domain for servers. — 1NN, Mar 07 '22 at 17:33
[Some users report](https://support.google.com/mail/thread/14856266/come-configurare-gmail-imap-su-client-di-posta?hl=it) that they need to use ```imap.googlemail.com``` for receiving and ```smtp.gmail.com```for sending. — 1NN, Mar 07 '22 at 17:43
@1NN: I tried enabling SPA on IMAP. This is appended to the posted question as *Things tried #4*. On SMTP, I tried both enabling and disabling SPA. In all cases, the SMTP connection failed because the encryption was not supported. Less secure apps was enabled in all of these tests. Thanks anyway.... :( — user2153235, Mar 14 '22 at 00:47
Since Google is best positioned to explain how to connect to their servers, I posted to their Gmail community before even posting here. Odd, it was marked as off-topic without explanation. I tried again with the results of my 4 tries above, and got a message I had too many screen shots. I removed them one by one, but the message remained even after all pictures were removed. — user2153235, Mar 14 '22 at 17:32
I restarted the posting process with zero pictures. Initially, there was no off-topic tag, but the posted question was unavailable to the general public. Eventually, it too was tagged as off-topic. I haven't found Google communities to be hostile in the past, but I am not sure if I posted to the Gmail community before. I'm baffled by why the question is off-topic in a Gmail forum, and by the fact that no explanation is provided. — user2153235, Mar 15 '22 at 15:16
@user2153235 Your SMTP config is wrong. Port 587 only supports STARTTLS (plain text then upgrade to TLS). For direct SSL/TLS use port 465 See https://support.google.com/mail/answer/7126229?hl=en#zippy=%2Cstep-change-smtp-other-settings-in-your-email-client — Robert, Mar 25 '22 at 17:45
@Robert: Thanks, that allowed SPA to work, but only with "Less secure apps" access enabled. With "Less secure apps" access disabled, it yields a logon rejection, regardless of the state of the two SPA checkboxes. I added the details in the posted question under "Things tried #5". I'm curious, though, is it working for you? — user2153235, Mar 27 '22 at 01:34
That is not only a problem for Outlook. But for any setup that uses username-password login, like unix fetchmail etc. -- For me it's a reason to now completely stop using gmail, since rely on the possibility to programmatically fetch email without manually needing to supply a second factor. — Golar Ramblar, Jul 04 '22 at 09:36

score 3 · Answer 1 · answered Mar 06 '22 at 01:27

3

By "less secure", Google means that dual-factor authentication (Oauth2) is not now enabled on the Outlook instance on your PC. Since at least Outlook 2016, Oauth2 has been built in, but it is not automatically enabled. For Outlook 2013, it is also available, but requires a Registry hack.

To enable Oauth2 in Outlook 2013:

Press Windows, type rege, and select Regedit.
In the Location bar at top, go to HKCU:\Software\Microsoft\Office\15.0\Common\Identity (you can paste that into the bar).
In Identity, right-click and create a new DWORD value named EnableADAL.
Double-click that value and set it to 1.

Then, in either version, open Outlook account settings, and try to change authentication to Oauth2, as in GMail instructions.

answered Mar 06 '22 at 01:27

DrMoishe Pippik

25,661
4
36
54

I'm trying to work through this. It looks like it was written for developers. In the first linked page, I didn't recognize anything that seemed applicable to my situation. In the 2nd linked page, Step 1 seems done. Step 2 requires a "Google Developers Console", and the only ones I could find are at the lower right corner [here](https://developers.google.com/products). It's not clear which console I should look into. – user2153235 Mar 06 '22 at 06:29
see also https://support.google.com/a/answer/9003945?hl=en – DrMoishe Pippik Mar 06 '22 at 21:21
Thansk again, @DrMoishe Pippik. I followed up on on that, as well as other information pages as (seemingly) required and documented the results in the fulsome tail end of my question. Unless I'm wrong (quite possible), Oauth2 requires moving to a business account. :( Fair enough, I guess. Nothing is really free. :( But given that it has been free for decades, it will induce mass sadness, unwarranted though that may be. – user2153235 Mar 07 '22 at 02:07
No, AFAIK, Oauth2 simply relies on using cookies, or identifying and allowing a specific machine, e.g., by MAC address. It works well in Thunderbird on personal accounts. In Tbird, as soon as Oauth2 is selected (and cookies are allowed), a popup is shown to log in again to that account, and once confirmed, need not be reconfirmed again. – DrMoishe Pippik Mar 07 '22 at 14:44
From my screen shots of "manual" setup of the Outlook client, it isn't clear where to select Oauth2. The non-manual procedure failed, and I thought that following the process to enable Oauth2 on the server side might redress this. I recounted attempts to follow [Recommendations for setting up IMAP](https://support.google.com/a/answer/10547014), but it requires a business account. – user2153235 Mar 07 '22 at 16:04
I tried the registry modification, but `Oauth2` was not available in the list of encryptions. I've added this to my posted question as "Things tried #6". Thanks anyway. – user2153235 Mar 27 '22 at 04:30
@user2153235 You might try another another mail reader, e.g., Thunderbird, in which I find easy to set up new accounts. – DrMoishe Pippik Mar 27 '22 at 19:33
I'm a prisoner of Outlook and Windows, otherwise I'd move to Linux & Thunderbird. Outlook's my Personal Information Manager (PIM); it avoids the cloud when syncing with my phone. It uses home WiFi, and the app is AkrutoSync, which presents interacts with the Outlook data and presents an Exchange interface to the phone. Cloudless alternatives for syncing my 3 important PIM data are extremely limited (calendar, contacts, notes). Linux options only seem to be suitable for IT/IM/OS experts, which I am certainly not. My user-level experience in Unix comes from bygone university days. – user2153235 Mar 27 '22 at 20:06
Because of my imprisonment, if I can't get Outlook to read mail, I will use webmail. Any calendar invites sent to me can be converted into a calendar-standard file with a click of a link. The file can be opened up as a calendar event by Outlook and then saved into its calendar. At the moment, that's the only interoperability that I need between my PIM and email. It's not the most convenient, but it's not the end of the world. So I say now, and I hope that come May 30, I won't be surprised by finding that there is some essential functionality that I overlooked. – user2153235 Mar 27 '22 at 20:06
1

@user2153235, while you may be stuck with Outlook, native Firefox is on virtually all platforms: Windows, IOS, Android, Linux (perhaps somone has ported it to Amiga, Atari and Commodore ;-) – DrMoishe Pippik Mar 27 '22 at 23:29
Actually, another reason why I'm stuck with Windows is that the income tax program that I'm used to is on Windows. Something top of mind in Canada right around now. I strongly suspect that the options are much more limited on Linux. So as much of a resource hog it is (and hence, as sluggish as it is), I'm stuck with Windows. There will probably be other Windows-only usages that will come to mind as the year wears on. – user2153235 Mar 28 '22 at 07:08

user2153235 · Answer 2 · 2022-04-28T15:41:43.683

I haven't found a way to keep IMAP between Outlook and Gmail, but if I fall back to webmail access to Gmail, I can save any calendar invites as an *.ics file on the local computer, then open it with Outlook to add it to my local calendar.

Similarly, instead of forwarding Outlook calendar events from my local computer by having Outlook connect to Gmail, I save an existing event as an *.ics file, then use webmail to access Gmail and send it to recipients.

Same deal with creating new calendar events on the local Outlook calendar. Save as *.ics, then use webmail to access Gmail and send it to recipients.

Afternote 2022-04-28: Google's setup page says that on Outlook, you should be able to use File -> Add Account to get a popup window for Google Sign In. I found that not to be the case. I just get the traditional Outlook popup window for account, setup, which has nothing to do with Google Sign In:

Stancho · Answer 3 · 2022-05-05T13:39:23.990

0

I just managed to connect an Outlook 2016 to a @gmail.com account via IMAP by

enabling 2FA and then
using an app password generated from my Google account.

Enabling 2FA automatically disables "Less secure apps" meaning that it should remain working after May 30.

Working with app passwords is explained here: https://support.google.com/accounts/answer/185833

edited May 05 '22 at 13:39

answered May 05 '22 at 12:38

Stancho

1
1

2

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community May 05 '22 at 13:18
This sounds like good news. I will try it this weekend. Did you do it on a phone or a laptop? Also, does 2FA mean that you need to provide a phone number in order to receive a text message? – user2153235 May 07 '22 at 01:36
1

Yes, you need a phone to setup 2FA - either by a text message or with the Authenticator app. But you only need to do this once during the setup. Having turned 2FA on will give you access to issue App Passwords. You will not need to do 2FA when using an app password afterwards. – Stancho May 10 '22 at 06:05
Well, I caved and provided my cellphone number to Google for a number of accounts. I then enabled 2FA, which then allowed me to enable Apps Password for the gmail accounts of interest. Even though [this page](https://support.google.com/accounts/answer/185833) says that an App Password can only be used once, I was able to use the same App Password to login to each account from Outlook on different laptops. It isn't clear whether App Passwords are sufficient after May 2022. – user2153235 Jun 01 '22 at 01:33
In my posted question, Google's warning email has a "Learn more" link. The webpage there says "To help keep your account secure, from May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password." But that's exactly what an Apps Password is. Even though the webpage lists App Password under "Fix problems: Can’t use an app with my Google Account", it isn't clear whether it will be enough after May...AFTERNOTE: It's technically June 1 now; I am still able to sync Outlook with Gmail! – user2153235 Jun 01 '22 at 05:14

score 0 · Answer 4 · answered May 19 '22 at 16:25

0

I've just tested and found it even works with Outlook 2010.

There are really good step by step directions at:

https://www.laptopmag.com/articles/set-up-gmail-2-factor-for-outlook

answered May 19 '22 at 16:25

Mike C

11

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/late-answers/1125106) – DarkDiamond May 19 '22 at 16:43
Thank you, Mike C. I am reticent to provide my cell number for 2FA, but I may relent. I'm a bit confused, however. Even though the title refers to 2FA, it seems to be about having Google generate a password. I don't see how this is any better than my own well-chosen password, except that it is too hard to remember, which could cause problems if I want to access my email from various machines. In addition to that point of confusion, nowhere does the article seem to actually discuss 2FA. Do you have a perspective on these two points? Thanks. – user2153235 May 23 '22 at 23:44
Well, I caved and provided my cellphone number to Google for a number of accounts. I then enabled 2FA, which then allowed me to enable Apps Password for the gmail accounts of interest. Even though [this page](https://support.google.com/accounts/answer/185833) says that an App Password can only be used once, I was able to use the same App Password to login to each account from Outlook on different laptops. It isn't clear whether App Passwords are sufficient after May 2022. – user2153235 Jun 01 '22 at 01:33
In my posted question, Google's warning email has a "Learn more" link. The webpage there says "To help keep your account secure, from May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password." But that's exactly what an Apps Password is. Even though the webpage lists App Password under "Fix problems: Can’t use an app with my Google Account", it isn't clear whether it will be enough after May...AFTERNOTE: It's technically June 1 now; I am still able to sync Outlook with Gmail! – user2153235 Jun 01 '22 at 05:14
Yep, but cannot get it to work for extra/sub accounts. Only seems to work for my main Gmail account (Outlook 2010 using imap.gmail.com & smtp.). You can only generate an App Password under 'root' account from what I see. So, forget about adding extra accounts (the accounts you see under 'switch accounts' on Gmail site) under older email clients this way. But, main account has worked under 2010 using App Password for over a year now. – B. Shea Jun 29 '22 at 16:18
I'm not sure what you mean by "main" and "extra/sub accounts". I have a gmail account (my own personal free one) that I use for work, and another for non-work. The 2FA works for both. Can you please clarify? – user2153235 Jul 04 '22 at 13:31

score 0 · Answer 5 · edited Jun 07 '22 at 20:37

Following this Youtube video https://www.youtube.com/watch?v=h_NP3pcvkAg (describing the same approach as MikeC and Stancho wrote about on the top).

The basic steps for me (Outlook 2013 and IMAP) was the ones below. I did not have to use the registry hack described here to enable OAuth2 to read and send my mails via the Gmail account to/rom Outlook2013).

go into the Account/Security settings Follow the "Turn on "2 Factor Authentication (2FA)" (Yes - now you have to provide a phone number)
Now, App Passwords below 2FA becomes visible
Add a new password
Copy the generated password
Open(Change) your Gmail account settings in Outlook
Replace the password with the one copied from above
Finish

Now things worked for me. Hope it works for you too.

@Toto: That sounds very familiar from my experience. And yes, the OAuth2 route didn't do it for me. It was nice of the suggestor to put that forward as a possible way ahead, but I found it to be unnecessary. — user2153235, Jun 08 '22 at 14:29

How to keep IMAP access to gmail after May 30?

5 Answers5