Archived Forum Post

Index of archived forum posts

Question:

GMAIL: Allowing less secure apps to access your account, or use OAUTH2?

Jul 01 '16 at 02:02

Gmail says I use a not secure application to access mail and, if I want use you dll (.net), I must set Gmail to accept unsecure connections.

How can I resolve?


Answer

There are two ways to authenticate with GMAIL: Either using a secure TLS connection w/ a login/password, which according to Google is insecure and not a "modern security standard" or you can use OAUTH2.

(I don't fully understand why Google claims TLS, using the latest cryptographic algorithms, using version 1.2, and properly implemented and without known vulnerabilities, is "less secure". I suppose it is if the chosen password is "secret" or some other incredibly weak password...)

In any case, to use GMail with a login/password over TLS, login to your GMail account on a web browser, and then browse to https://www.google.com/settings/security/lesssecureapps

Make sure the "Turn on" radio button is selected.

To use GMail with OAUTH2 requires interaction with the GMail account owner, unless you own the GMail account and have established a "service account" with access to GMail.

For the 1st case (where OAUTH2 requires interaction with the GMail account owner), this will require an interactive application with redirects and callback URLs to get the OAUTH2 access token, or if it is a Forms app, would require a popup or embedded browser. To see an example of this, download the latest version of Mozilla Thunderbird and setup a GMail account in it. You'll notice the popup to GMail.com asking the GMail account owner for permission (by the Thunderbird app) to access our account.

For an example w/ no interaction using a service account, see: https://www.example-code.com/csharp/smtp_gmailOAuth2.asp


Answer

or you can enable 2-step verification for the gmail account, see http://www.chilkatforum.com/questions/2526/tip-gmail-smtp-2-step-verification